Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-11-11 | CVE-2018-19180 | Code Injection vulnerability in Yunucms 1.1.5 | statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php. | 9.8 |
2018-11-09 | CVE-2018-19127 | Code Injection vulnerability in PHPcms 2008 | A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. | 9.8 |
2018-11-07 | CVE-2018-19053 | Code Injection vulnerability in Pbootcms 1.2.2 | PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code. | 7.2 |
2018-11-06 | CVE-2018-14667 | Code Injection vulnerability in Redhat Enterprise Linux and Richfaces | The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. | 9.8 |
2018-11-03 | CVE-2018-18903 | Code Injection vulnerability in Vanillaforums Vanilla 2.6.0/2.6.1/2.6.3 | Vanilla 2.6.x before 2.6.4 allows remote code execution. | 9.8 |
2018-11-01 | CVE-2018-6012 | Code Injection vulnerability in Rainmachine Mini-8 Firmware | The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function. | 9.8 |
2018-11-01 | CVE-2018-18892 | Code Injection vulnerability in 1234N Minicms 1.10 | MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php. | 9.8 |
2018-10-30 | CVE-2018-18835 | Code Injection vulnerability in Doccms 2016.5.12 | upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file. | 9.8 |
2018-10-18 | CVE-2018-18461 | Code Injection vulnerability in Kibokolabs Arigato Autoresponder and Newsletter 2.5.1.7 | The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php. | 9.8 |
2018-10-17 | CVE-2018-18426 | Code Injection vulnerability in S-Cms 3.0 | s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter. | 8.8 |