Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-07 | CVE-2019-17303 | Code Injection vulnerability in Sugarcrm SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user. | 8.8 |
| 2019-10-07 | CVE-2019-17302 | Code Injection vulnerability in Sugarcrm SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user. | 8.8 |
| 2019-10-07 | CVE-2019-17301 | Code Injection vulnerability in Sugarcrm SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user. | 7.2 |
| 2019-10-07 | CVE-2019-17300 | Code Injection vulnerability in Sugarcrm SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user. | 8.8 |
| 2019-10-07 | CVE-2019-17299 | Code Injection vulnerability in Sugarcrm SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user. | 7.2 |
| 2019-10-01 | CVE-2019-10431 | Code Injection vulnerability in Jenkins Script Security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts. | 9.9 |
| 2019-09-24 | CVE-2019-16759 | Code Injection vulnerability in Vbulletin vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | 9.8 |
| 2019-09-20 | CVE-2019-16645 | Code Injection vulnerability in Embedthis Goahead 2.5.0 An issue was discovered in Embedthis GoAhead 2.5.0. | 8.6 |
| 2019-09-20 | CVE-2019-15087 | Code Injection vulnerability in Prise Adas 1.7.0 An issue was discovered in PRiSE adAS 1.7.0. | 7.2 |
| 2019-09-19 | CVE-2019-15001 | Code Injection vulnerability in Atlassian Jira Server The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request. | 7.2 |