Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-11 | CVE-2019-7720 | Code Injection vulnerability in Taogogo Taocms taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. | 9.8 |
| 2019-02-11 | CVE-2019-7719 | Code Injection vulnerability in Nibbleblog 4.0.5 Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request. | 9.8 |
| 2019-02-11 | CVE-2018-20775 | Code Injection vulnerability in Frog CMS Project Frog CMS 0.9.5 admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. | 7.2 |
| 2019-02-11 | CVE-2018-20773 | Code Injection vulnerability in Frog CMS Project Frog CMS 0.9.5 Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines. | 7.2 |
| 2019-02-11 | CVE-2018-20772 | Code Injection vulnerability in Frog CMS Project Frog CMS 0.9.5 Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI. | 7.2 |
| 2019-02-10 | CVE-2018-20768 | Code Injection vulnerability in Xerox products An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. | 9.8 |
| 2019-02-10 | CVE-2019-7692 | Code Injection vulnerability in CIM Project CIM 0.9.3 install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call to the PHP fputs function that creates a .php file in the public folder. | 9.8 |
| 2019-02-07 | CVE-2019-7580 | Code Injection vulnerability in Thinkcmf 5.0.190111 ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admin_category/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection. | 8.8 |
| 2019-02-05 | CVE-2018-19002 | Code Injection vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391/4.1.0.3870 LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash. | 7.8 |
| 2019-02-04 | CVE-2019-4038 | Code Injection vulnerability in IBM Security Identity Manager IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. | 6.2 |