Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-27 | CVE-2018-19595 | Code Injection vulnerability in Pbootcms 1.3.1 PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism. | 9.8 |
| 2018-11-25 | CVE-2018-19520 | Code Injection vulnerability in multiple products An issue was discovered in SDCMS 1.6 with PHP 5.x. | 8.8 |
| 2018-11-22 | CVE-2018-19463 | Code Injection vulnerability in Zblogcn Z-Blogphp zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. | 8.8 |
| 2018-11-21 | CVE-2018-19404 | Code Injection vulnerability in Yxcms 1.4.7 In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= followed by that URL. | 7.2 |
| 2018-11-14 | CVE-2018-8415 | Code Injection vulnerability in Microsoft products A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
| 2018-11-13 | CVE-2018-2491 | Code Injection vulnerability in SAP Fiori Client When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. | 7.8 |
| 2018-11-13 | CVE-2018-1808 | Code Injection vulnerability in IBM Websphere Commerce IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. | 8.8 |
| 2018-11-13 | CVE-2018-1792 | Code Injection vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. | 7.8 |
| 2018-11-12 | CVE-2018-19220 | Code Injection vulnerability in Laobancms 2.0 An issue was discovered in LAOBANCMS 2.0. | 9.8 |
| 2018-11-12 | CVE-2018-19196 | Code Injection vulnerability in Xiaocms 20141229 An issue was discovered in XiaoCms 20141229. | 9.8 |