Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-05 | CVE-2017-18468 | Code Injection vulnerability in Cpanel cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232). | 6.3 |
| 2019-08-02 | CVE-2019-7871 | Code Injection vulnerability in Magento A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. | 8.8 |
| 2019-08-01 | CVE-2018-20931 | Code Injection vulnerability in Cpanel cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). | 6.3 |
| 2019-08-01 | CVE-2019-0193 | Code Injection vulnerability in multiple products In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. | 7.2 |
| 2019-08-01 | CVE-2018-20896 | Code Injection vulnerability in Cpanel cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). | 3.9 |
| 2019-07-29 | CVE-2019-11201 | Code Injection vulnerability in Dolibarr Erp/Crm 9.0.1 Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. | 8.0 |
| 2019-07-26 | CVE-2019-14282 | Code Injection vulnerability in Simple Captcha2 Project Simple Captcha2 0.2.3 The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | 9.8 |
| 2019-07-26 | CVE-2019-14281 | Code Injection vulnerability in Datagrid Project Datagrid 1.0.6 The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | 9.8 |
| 2019-07-23 | CVE-2019-10173 | Code Injection vulnerability in multiple products It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. | 9.8 |
| 2019-07-19 | CVE-2019-11552 | Code Injection vulnerability in Code42 products Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. | 7.0 |