Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2018-12-24 | CVE-2018-7801 | Code Injection vulnerability in Schneider-Electric Evlink Parking Firmware 3.1.133/3.2.012 | A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed. | network; low complexity; schneider-electric CWE-94; 8.8 |
| 2018-12-21 | CVE-2018-20325 | Code Injection vulnerability in Definitions Project Definitions | There is a vulnerability in load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. | network; low complexity; definitions-project CWE-94; critical; 9.8 |
| 2018-12-20 | CVE-2018-1000881 | Code Injection vulnerability in Traccar Server | Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. | network; low complexity; traccar CWE-94; critical; 9.8 |
| 2018-12-20 | CVE-2018-20300 | Code Injection vulnerability in Phome Empirecms 7.5 | Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file. | network; low complexity; phome CWE-94; critical; 9.8 |
| 2018-12-17 | CVE-2018-20133 | Code Injection vulnerability in Ymlref Project Ymlref | ymlref allows code injection. | network; low complexity; ymlref-project CWE-94; critical; 9.8 |
| 2018-12-17 | CVE-2018-20027 | Code Injection vulnerability in Lisa-Lab Pylearn2 | The yaml_parse.load method in Pylearn2 allows code injection. | network; low complexity; lisa-lab CWE-94; critical; 9.8 |
| 2018-12-17 | CVE-2018-18249 | Code Injection vulnerability in Icinga web 2 | Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet. | network; low complexity; icinga CWE-94; critical; 9.8 |
| 2018-12-13 | CVE-2018-20129 | Code Injection vulnerability in Dedecms 5.7 | An issue was discovered in DedeCMS V5.7 SP2. | network; low complexity; dedecms CWE-94; 8.8 |
| 2018-12-12 | CVE-2018-8540 | Code Injection vulnerability in Microsoft .Net Framework | A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2. | network; low complexity; microsoft CWE-94; critical; 9.8 |
| 2018-11-27 | CVE-2018-19595 | Code Injection vulnerability in Pbootcms 1.3.1 | PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism. | network; low complexity; pbootcms CWE-94; critical; 9.8 |