Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-01 | CVE-2018-6012 | Code Injection vulnerability in Rainmachine Mini-8 Firmware The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function. | 9.8 |
| 2018-11-01 | CVE-2018-18892 | Code Injection vulnerability in 1234N Minicms 1.10 MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php. | 9.8 |
| 2018-10-30 | CVE-2018-18835 | Code Injection vulnerability in Doccms 2016.5.12 upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file. | 9.8 |
| 2018-10-18 | CVE-2018-18461 | Code Injection vulnerability in Kibokolabs Arigato Autoresponder and Newsletter 2.5.1.7 The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php. | 9.8 |
| 2018-10-17 | CVE-2018-18426 | Code Injection vulnerability in S-Cms 3.0 s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter. | 8.8 |
| 2018-10-15 | CVE-2018-18319 | Code Injection vulnerability in Asuswrt-Merlin Project products An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. | 9.8 |
| 2018-10-11 | CVE-2018-18258 | Code Injection vulnerability in Bagesoft Bagecms 3.1.3 An issue was discovered in BageCMS 3.1.3. | 9.8 |
| 2018-10-09 | CVE-2018-7633 | Code Injection vulnerability in Adbglobal Epicentro 7.3.2 Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request. | 9.8 |
| 2018-10-09 | CVE-2018-18083 | Code Injection vulnerability in Comsenz Duomicms 3.0 An issue was discovered in DuomiCMS 3.0. | 9.8 |
| 2018-10-05 | CVE-2015-9272 | Code Injection vulnerability in Videowhisper Video Presentation 3.31.17 The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code. | 9.8 |