Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-10 | CVE-2019-0355 | Code Injection vulnerability in SAP Netweaver Application Server Java: SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. | 7.2 |
2019-09-03 | CVE-2019-15873 | Code Injection vulnerability in Metagauss Profilegrid: The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via a wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code. | 8.8 |
2019-08-27 | CVE-2019-15647 | Code Injection vulnerability in Groundhogg: The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution. | 8.8 |
2019-08-27 | CVE-2018-21005 | Code Injection vulnerability in Bbpress Move Topics Project Bbpress Move Topics: The bbp-move-topics plugin before 1.1.6 for WordPress has code injection. | 9.8 |
2019-08-26 | CVE-2019-15642 | Code Injection vulnerability in Webmin: rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. | 8.8 |
2019-08-22 | CVE-2018-20988 | Code Injection vulnerability in Google Forms Project Google Forms: The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation. | 7.5 |
2019-08-22 | CVE-2018-18573 | Code Injection vulnerability in Oscommerce 2.3.4.1: osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | 7.2 |
2019-08-22 | CVE-2019-15318 | Code Injection vulnerability in Yikesinc Easy Forms for Mailchimp: The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field. | 9.8 |
2019-08-19 | CVE-2019-15224 | Code Injection vulnerability in Rest-Client Project Rest-Client: The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | 9.8 |
2019-08-14 | CVE-2019-0343 | Code Injection vulnerability in SAP Commerce Cloud: SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. | 8.8 |