Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2019-09-18 | CVE-2019-13558 | Code Injection vulnerability in Advantech Webaccess | In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. | network | low complexity | advantech | CWE-94 | critical 9.8 |
| 2019-09-11 | CVE-2019-3759 | Code Injection vulnerability in Dell products | The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. | network | low complexity | dell | CWE-94 | 8.1 |
| 2019-09-10 | CVE-2019-0355 | Code Injection vulnerability in SAP Netweaver Application Server Java | SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. | network | low complexity | sap | CWE-94 | 7.2 |
| 2019-09-03 | CVE-2019-15873 | Code Injection vulnerability in Metagauss Profilegrid | The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via a wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code. | network | low complexity | metagauss | CWE-94 | 8.8 |
| 2019-08-27 | CVE-2019-15647 | Code Injection vulnerability in Groundhogg | The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution. | network | low complexity | groundhogg | CWE-94 | 8.8 |
| 2019-08-27 | CVE-2018-21005 | Code Injection vulnerability in Bbpress Move Topics Project Bbpress Move Topics | The bbp-move-topics plugin before 1.1.6 for WordPress has code injection. | network | low complexity | bbpress-move-topics-project | CWE-94 | critical 9.8 |
| 2019-08-26 | CVE-2019-15642 | Code Injection vulnerability in Webmin | rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. | network | low complexity | webmin | CWE-94 | 8.8 |
| 2019-08-22 | CVE-2018-20988 | Code Injection vulnerability in Google Forms Project Google Forms | The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation. | network | low complexity | google-forms-project | CWE-94 | 7.5 |
| 2019-08-22 | CVE-2018-18573 | Code Injection vulnerability in Oscommerce 2.3.4.1 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | network | low complexity | oscommerce | CWE-94 | 7.2 |
| 2019-08-22 | CVE-2019-15318 | Code Injection vulnerability in Yikesinc Easy Forms for Mailchimp | The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field. | network | low complexity | yikesinc | CWE-94 | critical 9.8 |