Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-17 | CVE-2018-17126 | Code Injection vulnerability in Chshcms Cscms 4.1 CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. | 9.8 |
| 2018-09-14 | CVE-2018-17036 | Code Injection vulnerability in Ucms Project Ucms 1.4.6/1.6 An issue was discovered in UCMS 1.4.6 and 1.6. | 9.8 |
| 2018-09-14 | CVE-2018-17030 | Code Injection vulnerability in Bigtreecms Bigtree CMS 4.2.23 BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php. | 7.5 |
| 2018-09-12 | CVE-2018-16975 | Code Injection vulnerability in Elefantcms Elefant An issue was discovered in Elefant CMS before 2.0.7. | 9.8 |
| 2018-09-12 | CVE-2018-3686 | Code Injection vulnerability in Intel Sa-00086 Detection Tool 1.2.7.0 Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access. | 6.7 |
| 2018-09-10 | CVE-2018-15886 | Code Injection vulnerability in Monstra 3.0.4 Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a <?php substring. | 7.2 |
| 2018-09-10 | CVE-2018-16771 | Code Injection vulnerability in Hoosk 1.7.0 Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php. | 9.8 |
| 2018-09-06 | CVE-2018-16604 | Code Injection vulnerability in Nibbleblog 4.0.5 An issue was discovered in Nibbleblog v4.0.5. | 7.2 |
| 2018-09-04 | CVE-2018-0675 | Code Injection vulnerability in Hibara Attachecase AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors. | 7.8 |
| 2018-09-04 | CVE-2018-0674 | Code Injection vulnerability in Hibara Attachecase AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors. | 7.8 |