Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-10-15 CVE-2018-18319 Code Injection vulnerability in Asuswrt-Merlin Project products
An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices.
network
low complexity
asuswrt-merlin-project CWE-94
critical
 9.8
9.8
2018-10-11 CVE-2018-18258 Code Injection vulnerability in Bagesoft Bagecms 3.1.3
An issue was discovered in BageCMS 3.1.3.
network
low complexity
bagesoft CWE-94
critical
 9.8
9.8
2018-10-09 CVE-2018-7633 Code Injection vulnerability in Adbglobal Epicentro 7.3.2
Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request.
network
low complexity
adbglobal CWE-94
critical
 9.8
9.8
2018-10-09 CVE-2018-18083 Code Injection vulnerability in Comsenz Duomicms 3.0
An issue was discovered in DuomiCMS 3.0.
network
low complexity
comsenz CWE-94
critical
 9.8
9.8
2018-10-05 CVE-2015-9272 Code Injection vulnerability in Videowhisper Video Presentation 3.31.17
The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code.
network
low complexity
videowhisper CWE-94
critical
 9.8
9.8
2018-10-01 CVE-2018-14804 Code Injection vulnerability in Emerson AMS Device Manager
Emerson AMS Device Manager v12.0 to v13.5.
network
low complexity
emerson CWE-94
critical
 9.8
9.8
2018-10-01 CVE-2018-17827 Code Injection vulnerability in Hisiphp 1.0.8
HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code.
network
low complexity
hisiphp CWE-94
7.2
7.2
2018-09-21 CVE-2018-17173 Code Injection vulnerability in LG Supersign CMS 2.5
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
network
low complexity
lg CWE-94
critical
 9.8
9.8
2018-09-19 CVE-2018-17207 Code Injection vulnerability in Snapcreek Duplicator
An issue was discovered in Snap Creek Duplicator before 1.2.42.
network
low complexity
snapcreek CWE-94
critical
 9.8
9.8
2018-09-17 CVE-2018-14630 Code Injection vulnerability in Moodle
moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution.
network
low complexity
moodle CWE-94
8.8
8.8