Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-31 | CVE-2016-5402 | Code Injection vulnerability in Redhat Cloudforms and Cloudforms Management Engine A code injection flaw was found in the way capacity and utilization imported control files are processed. | 8.8 |
| 2018-10-30 | CVE-2018-18835 | Code Injection vulnerability in Doccms 2016.5.12 upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file. | 9.8 |
| 2018-10-18 | CVE-2018-18461 | Code Injection vulnerability in Kibokolabs Arigato Autoresponder and Newsletter 2.5.1.7 The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php. | 9.8 |
| 2018-10-17 | CVE-2018-18426 | Code Injection vulnerability in S-Cms 3.0 s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter. | 8.8 |
| 2018-10-15 | CVE-2018-18319 | Code Injection vulnerability in Asuswrt-Merlin Project products An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. | 9.8 |
| 2018-10-11 | CVE-2018-18258 | Code Injection vulnerability in Bagesoft Bagecms 3.1.3 An issue was discovered in BageCMS 3.1.3. | 9.8 |
| 2018-10-09 | CVE-2018-7633 | Code Injection vulnerability in Adbglobal Epicentro 7.3.2 Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request. | 9.8 |
| 2018-10-09 | CVE-2018-18083 | Code Injection vulnerability in Comsenz Duomicms 3.0 An issue was discovered in DuomiCMS 3.0. | 9.8 |
| 2018-10-05 | CVE-2015-9272 | Code Injection vulnerability in Videowhisper Video Presentation 3.31.17 The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code. | 9.8 |
| 2018-10-01 | CVE-2018-14804 | Code Injection vulnerability in Emerson AMS Device Manager Emerson AMS Device Manager v12.0 to v13.5. | 9.8 |