Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2019-01-23 | CVE-2019-6713 | Code Injection vulnerability in Thinkcmf 5.0.190111 | app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call. | network | low complexity | thinkcmf | CWE-94 | critical 9.8 |
| 2019-01-22 | CVE-2018-19011 | Code Injection vulnerability in Omron Cx-Supervisor | CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. | network | low complexity | omron | CWE-94 | 8.8 |
| 2019-01-15 | CVE-2018-20717 | Code Injection vulnerability in Prestashop | In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. | network | low complexity | prestashop | CWE-94 | 8.8 |
| 2019-01-15 | CVE-2017-18356 | Code Injection vulnerability in Woocommerce | In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. | network | low complexity | woocommerce | CWE-94 | 8.8 |
| 2019-01-10 | CVE-2018-0461 | Code Injection vulnerability in Cisco IP Phone 8800 Series Firmware 12.5(1) | A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. | network | low complexity | cisco | CWE-94 | 8.8 |
| 2019-01-09 | CVE-2018-16168 | Code Injection vulnerability in Jpcert Logontracer | LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors. | network | low complexity | jpcert | CWE-94 | critical 9.8 |
| 2019-01-09 | CVE-2016-9651 | Code Injection vulnerability in multiple products | A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | network | low complexity | google, redhat | CWE-94 | 8.8 |
| 2019-01-09 | CVE-2019-0542 | Code Injection vulnerability in multiple products | A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js. | network | low complexity | xtermjs, redhat | CWE-94 | 8.8 |
| 2019-01-08 | CVE-2019-0247 | Code Injection vulnerability in SAP Cloud Connector | SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. | network | low complexity | sap | CWE-94 | critical 9.8 |
| 2019-01-03 | CVE-2019-3575 | Code Injection vulnerability in Sqla Yaml Fixtures Project Sqla Yaml Fixtures 0.9.1 | Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load. | local | low complexity | sqla-yaml-fixtures-project | CWE-94 | 7.8 |