Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-03-16 CVE-2019-19208 Code Injection vulnerability in Codiad
Codiad Web IDE through 2.8.4 allows PHP Code injection.
network
low complexity
codiad CWE-94
critical
9.8
2020-03-15 CVE-2020-8141 Code Injection vulnerability in DOT Project DOT 1.1.2
The dot package v1.1.2 uses Function() to compile templates.
network
low complexity
dot-project CWE-94
8.8
2020-03-12 CVE-2020-10389 Code Injection vulnerability in Chadhaajay PHPkb 9.0
admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.
network
low complexity
chadhaajay CWE-94
7.2
2020-03-06 CVE-2020-9530 Code Injection vulnerability in MI Miui Firmware 11.0.5.0.Qfaeuxm
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices.
network
low complexity
mi CWE-94
6.5
2020-03-03 CVE-2019-3695 Code Injection vulnerability in Opensuse PCP
An Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1.
local
low complexity
opensuse CWE-94
7.8
2020-02-26 CVE-2020-9406 Code Injection vulnerability in Iblsoft Online Weather
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
network
low complexity
iblsoft CWE-94
critical
9.8
2020-02-25 CVE-2019-4000 Code Injection vulnerability in Druva Insync 6.5.0
Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges.
local
low complexity
druva CWE-94
7.8
2020-02-17 CVE-2020-8518 Code Injection vulnerability in multiple products
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
network
low complexity
horde fedoraproject debian CWE-94
critical
9.8
2020-02-14 CVE-2020-8129 Code Injection vulnerability in Script-Manager Project Script-Manager
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code.
network
low complexity
script-manager-project CWE-94
critical
9.8
2020-02-14 CVE-2013-4211 Code Injection vulnerability in Openx 2.8.10
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in the flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code.
network
low complexity
openx CWE-94
critical
9.8