Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-18 | CVE-2018-3700 | Code Injection vulnerability in Intel USB 3.0 Extensible Host Controller Driver 5.0.4.42/5.0.4.43 Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation of privilege via local access. | 6.7 |
| 2019-02-15 | CVE-2019-8341 | Code Injection vulnerability in multiple products An issue was discovered in Jinja2 2.10. | 9.8 |
| 2019-02-11 | CVE-2019-7720 | Code Injection vulnerability in Taogogo Taocms taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. | 9.8 |
| 2019-02-11 | CVE-2019-7719 | Code Injection vulnerability in Nibbleblog 4.0.5 Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request. | 9.8 |
| 2019-02-11 | CVE-2018-20775 | Code Injection vulnerability in Frog CMS Project Frog CMS 0.9.5 admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. | 7.2 |
| 2019-02-11 | CVE-2018-20773 | Code Injection vulnerability in Frog CMS Project Frog CMS 0.9.5 Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines. | 7.2 |
| 2019-02-11 | CVE-2018-20772 | Code Injection vulnerability in Frog CMS Project Frog CMS 0.9.5 Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI. | 7.2 |
| 2019-02-10 | CVE-2018-20768 | Code Injection vulnerability in Xerox products An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. | 9.8 |
| 2019-02-10 | CVE-2019-7692 | Code Injection vulnerability in CIM Project CIM 0.9.3 install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call to the PHP fputs function that creates a .php file in the public folder. | 9.8 |
| 2019-02-07 | CVE-2019-7580 | Code Injection vulnerability in Thinkcmf 5.0.190111 ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admin_category/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection. | 8.8 |