Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-23 | CVE-2019-6713 | Code Injection vulnerability in Thinkcmf 5.0.190111: app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call. | 9.8 |
2019-01-22 | CVE-2018-19011 | Code Injection vulnerability in Omron Cx-Supervisor: CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. | 8.8 |
2019-01-15 | CVE-2018-20717 | Code Injection vulnerability in Prestashop: In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. | 8.8 |
2019-01-15 | CVE-2017-18356 | Code Injection vulnerability in Woocommerce: In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. | 8.8 |
2019-01-10 | CVE-2018-0461 | Code Injection vulnerability in Cisco IP Phone 8800 Series Firmware 12.5(1): A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. | 8.8 |
2019-01-09 | CVE-2018-16168 | Code Injection vulnerability in Jpcert Logontracer: LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors. | 9.8 |
2019-01-09 | CVE-2016-9651 | Code Injection vulnerability in multiple products: A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
2019-01-09 | CVE-2019-0542 | Code Injection vulnerability in multiple products: A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js. | 8.8 |
2019-01-08 | CVE-2019-0247 | Code Injection vulnerability in SAP Cloud Connector: SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. | 9.8 |
2019-01-03 | CVE-2019-3575 | Code Injection vulnerability in Sqla Yaml Fixtures Project Sqla Yaml Fixtures 0.9.1: Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load. | 7.8 |