Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-02-17 | CVE-2020-8518 | Code Injection vulnerability in multiple products | Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. | 9.8 |
2020-02-14 | CVE-2020-8129 | Code Injection vulnerability in Script-Manager Project Script-Manager | An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code. | 9.8 |
2020-02-14 | CVE-2013-4211 | Code Injection vulnerability in Openx 2.8.10 | A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code. | 9.8 |
2020-02-11 | CVE-2013-4225 | Code Injection vulnerability in Restful web Services Project Restful web Services | The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field. | 8.8 |
2020-02-07 | CVE-2019-17268 | Code Injection vulnerability in Omniauth-Weibo-Oauth2 Project Omniauth-Weibo-Oauth2 0.4.6 | The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | 9.8 |
2020-02-05 | CVE-2020-8644 | Code Injection vulnerability in Playsms | PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. | 9.8 |
2020-01-27 | CVE-2013-2267 | Code Injection vulnerability in Fudforum 3.0.4 | PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system. | 7.2 |
2020-01-11 | CVE-2020-6836 | Code Injection vulnerability in Hot-Formula-Parser Project Hot-Formula-Parser | grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. | 9.8 |
2020-01-06 | CVE-2019-20343 | Code Injection vulnerability in Mojohaus Exec Maven 1.1.1 | The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executable element (and can also specify arbitrary command-line arguments in an arguments element). | 9.8 |
2020-01-05 | CVE-2019-20155 | Code Injection vulnerability in Determine Contract Lifecycle Management 5.4 | An issue was discovered in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. | 8.8 |