Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-25 | CVE-2020-5553 | Code Injection vulnerability in Mailform 1.04 mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors. | 9.8 |
| 2020-03-23 | CVE-2020-7480 | Code Injection vulnerability in Schneider-Electric products A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data. | 9.8 |
| 2020-03-23 | CVE-2020-6650 | Code Injection vulnerability in Eaton UPS Companion UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. | 8.8 |
| 2020-03-20 | CVE-2020-8140 | Code Injection vulnerability in Nextcloud Desktop A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. | 6.7 |
| 2020-03-20 | CVE-2020-8137 | Code Injection vulnerability in Blamer Project Blamer Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker. | 9.8 |
| 2020-03-20 | CVE-2019-16108 | Code Injection vulnerability in PHPbb 3.2.7 phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode. | 7.5 |
| 2020-03-18 | CVE-2019-18582 | Code Injection vulnerability in Dell products Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. | 7.2 |
| 2020-03-16 | CVE-2019-19208 | Code Injection vulnerability in Codiad Codiad Web IDE through 2.8.4 allows PHP Code injection. | 9.8 |
| 2020-03-15 | CVE-2020-8141 | Code Injection vulnerability in DOT Project DOT 1.1.2 The dot package v1.1.2 uses Function() to compile templates. | 8.8 |
| 2020-03-12 | CVE-2020-10389 | Code Injection vulnerability in Chadhaajay PHPkb 9.0 admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings. | 7.2 |