Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-27 | CVE-2018-10515 | Code Injection vulnerability in Cmsmadesimple CMS Made Simple. In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive. | 7.2 |
2018-04-26 | CVE-2018-10429 | Code Injection vulnerability in Cosmocms Cosmo 1.0.0. Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php. | 9.8 |
2018-04-26 | CVE-2017-1721 | Code Injection vulnerability in IBM Qradar Security Information and Event Manager. IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. | 5.6 |
2018-04-26 | CVE-2018-9113 | Code Injection vulnerability in CDC Microbetrace 0.1.12. Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial '><script type="text/javascript" src=' line. | 7.8 |
2018-04-26 | CVE-2018-8974 | Code Injection vulnerability in CDC Microbetrace 0.1.11. Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Source<script type="text/javascript" src=' line. | 7.8 |
2018-04-19 | CVE-2018-10236 | Code Injection vulnerability in Poscms 3.2.18. POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data['name'] with no restrictions, and this value is written to the FCPATH.$file file. | 7.2 |
2018-04-19 | CVE-2018-10235 | Code Injection vulnerability in Poscms 3.2.10. POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in diy\module\member\models\Member_model.php and write this code into the api/ucsso/config.php file. | 7.2 |
2018-04-16 | CVE-2018-10133 | Code Injection vulnerability in Pbootcms 0.9.8. PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php. | 9.8 |
2018-04-13 | CVE-2018-10086 | Code Injection vulnerability in Cmsmadesimple CMS Made Simple. CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions. | 7.2 |
2018-04-12 | CVE-2018-1028 | Code Injection vulnerability in Microsoft products. A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server. | 8.8 |