Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-17 | CVE-2018-18249 | Code Injection vulnerability in Icinga web 2 Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet. | 9.8 |
| 2018-12-13 | CVE-2018-20129 | Code Injection vulnerability in Dedecms 5.7 An issue was discovered in DedeCMS V5.7 SP2. | 8.8 |
| 2018-12-12 | CVE-2018-8540 | Code Injection vulnerability in Microsoft .Net Framework A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2. | 9.8 |
| 2018-11-27 | CVE-2018-19595 | Code Injection vulnerability in Pbootcms 1.3.1 PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism. | 9.8 |
| 2018-11-25 | CVE-2018-19520 | Code Injection vulnerability in multiple products An issue was discovered in SDCMS 1.6 with PHP 5.x. | 8.8 |
| 2018-11-22 | CVE-2018-19463 | Code Injection vulnerability in Zblogcn Z-Blogphp zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. | 8.8 |
| 2018-11-21 | CVE-2018-19404 | Code Injection vulnerability in Yxcms 1.4.7 In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= followed by that URL. | 7.2 |
| 2018-11-14 | CVE-2018-8415 | Code Injection vulnerability in Microsoft products A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
| 2018-11-13 | CVE-2018-2491 | Code Injection vulnerability in SAP Fiori Client When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. | 7.8 |
| 2018-11-13 | CVE-2018-1808 | Code Injection vulnerability in IBM Websphere Commerce IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. | 8.8 |