Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-08-06 | CVE-2018-14716 | Code Injection vulnerability in Nystudio107 Seomatic | A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code. | 7.5 |
2018-08-06 | CVE-2016-4397 | Code Injection vulnerability in HP Network Node Manager I 10.00/10.10/10.20 | A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software. | 7.8 |
2018-08-06 | CVE-2016-4391 | Code Injection vulnerability in HP Arcsight Winc Connector | A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0. | 9.8 |
2018-08-03 | CVE-2018-14910 | Code Injection vulnerability in Seacms 6.61 | SeaCMS v6.61 allows remote code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). | 8.8 |
2018-08-03 | CVE-2018-7748 | Code Injection vulnerability in Servicenow Jakarta | report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter. | 8.8 |
2018-07-24 | CVE-2018-14579 | Code Injection vulnerability in Golemcms Project Golemcms | GolemCMS through 2008-12-24, if the install/ directory remains active after an installation, allows remote attackers to execute arbitrary PHP code by inserting this code into the "Database Information" "Table prefix" form field, or obtain sensitive information via a direct request for install/install.sql. | 9.8 |
2018-07-23 | CVE-2018-1999023 | Code Injection vulnerability in Wesnoth the Battle for Wesnoth | The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. | 8.8 |
2018-07-23 | CVE-2018-1999022 | Code Injection vulnerability in multiple products | PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method. | 9.8 |
2018-07-23 | CVE-2018-1999019 | Code Injection vulnerability in Chamilo LMS | Chamilo LMS version 11.x contains an unserialization vulnerability in the "hash" GET parameter for the API endpoint located at /webservices/api/v2.php that can result in unauthenticated remote code execution. | 9.8 |
2018-07-20 | CVE-2018-14421 | Code Injection vulnerability in Seacms 6.61 | SeaCMS v6.61 allows remote code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). | 8.8 |