Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-13 | CVE-2018-1792 | Code Injection vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. | 7.8 |
| 2018-11-12 | CVE-2018-19220 | Code Injection vulnerability in Laobancms 2.0 An issue was discovered in LAOBANCMS 2.0. | 9.8 |
| 2018-11-12 | CVE-2018-19196 | Code Injection vulnerability in Xiaocms 20141229 An issue was discovered in XiaoCms 20141229. | 9.8 |
| 2018-11-11 | CVE-2018-19180 | Code Injection vulnerability in Yunucms 1.1.5 statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php. | 9.8 |
| 2018-11-09 | CVE-2018-19127 | Code Injection vulnerability in PHPcms 2008 A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. | 9.8 |
| 2018-11-07 | CVE-2018-19053 | Code Injection vulnerability in Pbootcms 1.2.2 PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code. | 7.2 |
| 2018-11-06 | CVE-2018-14667 | Code Injection vulnerability in Redhat Enterprise Linux and Richfaces The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. | 9.8 |
| 2018-11-03 | CVE-2018-18903 | Code Injection vulnerability in Vanillaforums Vanilla 2.6.0/2.6.1/2.6.3 Vanilla 2.6.x before 2.6.4 allows remote code execution. | 9.8 |
| 2018-11-01 | CVE-2018-6012 | Code Injection vulnerability in Rainmachine Mini-8 Firmware The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function. | 9.8 |
| 2018-11-01 | CVE-2018-18892 | Code Injection vulnerability in 1234N Minicms 1.10 MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php. | 9.8 |