Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-10-01 CVE-2018-17827 Code Injection vulnerability in Hisiphp 1.0.8
HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code.
network
low complexity
hisiphp CWE-94
7.2
7.2
2018-09-21 CVE-2018-17173 Code Injection vulnerability in LG Supersign CMS 2.5
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
network
low complexity
lg CWE-94
critical
 9.8
9.8
2018-09-19 CVE-2018-17207 Code Injection vulnerability in Snapcreek Duplicator
An issue was discovered in Snap Creek Duplicator before 1.2.42.
network
low complexity
snapcreek CWE-94
critical
 9.8
9.8
2018-09-17 CVE-2018-14630 Code Injection vulnerability in Moodle
moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution.
network
low complexity
moodle CWE-94
8.8
8.8
2018-09-17 CVE-2018-11781 Code Injection vulnerability in multiple products
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
local
low complexity
apache redhat debian canonical CWE-94
7.8
7.8
2018-09-17 CVE-2018-11780 Code Injection vulnerability in multiple products
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.
network
low complexity
apache pdfinfo-project debian canonical CWE-94
critical
 9.8
9.8
2018-09-17 CVE-2018-17134 Code Injection vulnerability in PHPmywind 5.5
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.
network
low complexity
phpmywind CWE-94
7.2
7.2
2018-09-17 CVE-2018-17133 Code Injection vulnerability in PHPmywind 5.5
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting.
network
low complexity
phpmywind CWE-94
7.2
7.2
2018-09-17 CVE-2018-17132 Code Injection vulnerability in PHPmywind 5.5
admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter.
network
low complexity
phpmywind CWE-94
7.2
7.2
2018-09-17 CVE-2018-17131 Code Injection vulnerability in PHPmywind 5.5
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field.
network
low complexity
phpmywind CWE-94
7.2
7.2