Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-10-07 CVE-2019-17305 Code Injection vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user.
network
low complexity
sugarcrm CWE-94
8.8
8.8
2019-10-07 CVE-2019-17304 Code Injection vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by an Admin user.
network
low complexity
sugarcrm CWE-94
7.2
7.2
2019-10-07 CVE-2019-17303 Code Injection vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user.
network
low complexity
sugarcrm CWE-94
8.8
8.8
2019-10-07 CVE-2019-17302 Code Injection vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user.
network
low complexity
sugarcrm CWE-94
8.8
8.8
2019-10-07 CVE-2019-17301 Code Injection vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user.
network
low complexity
sugarcrm CWE-94
7.2
7.2
2019-10-07 CVE-2019-17300 Code Injection vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user.
network
low complexity
sugarcrm CWE-94
8.8
8.8
2019-10-07 CVE-2019-17299 Code Injection vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user.
network
low complexity
sugarcrm CWE-94
7.2
7.2
2019-10-01 CVE-2019-10431 Code Injection vulnerability in Jenkins Script Security
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts.
network
low complexity
jenkins CWE-94
critical
 9.9
9.9
2019-09-24 CVE-2019-16759 Code Injection vulnerability in Vbulletin
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
network
low complexity
vbulletin CWE-94
critical
 9.8
9.8
2019-09-20 CVE-2019-16645 Code Injection vulnerability in Embedthis Goahead 2.5.0
An issue was discovered in Embedthis GoAhead 2.5.0.
network
low complexity
embedthis CWE-94
8.6
8.6