Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-02 | CVE-2018-1104 | Code Injection vulnerability in Redhat Ansible Tower Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server. | 8.8 |
| 2018-05-02 | CVE-2018-10642 | Code Injection vulnerability in Combodo Itop Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval(). | 7.2 |
| 2018-05-01 | CVE-2018-8938 | Code Injection vulnerability in Progress Whatsup Gold A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). | 9.8 |
| 2018-04-30 | CVE-2018-10574 | Code Injection vulnerability in Bigtreecms Bigtree CMS site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files. | 9.8 |
| 2018-04-27 | CVE-2018-10517 | Code Injection vulnerability in Cmsmadesimple CMS Made Simple In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element. | 7.2 |
| 2018-04-27 | CVE-2018-10515 | Code Injection vulnerability in Cmsmadesimple CMS Made Simple In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive. | 7.2 |
| 2018-04-26 | CVE-2018-10429 | Code Injection vulnerability in Cosmocms Cosmo 1.0.0 Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php. | 9.8 |
| 2018-04-26 | CVE-2017-1721 | Code Injection vulnerability in IBM Qradar Security Information and Event Manager IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. | 5.6 |
| 2018-04-26 | CVE-2018-9113 | Code Injection vulnerability in CDC Microbetrace 0.1.12 Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial '><script type="text/javascript" src=' line. | 7.8 |
| 2018-04-26 | CVE-2018-8974 | Code Injection vulnerability in CDC Microbetrace 0.1.11 Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Source<script type="text/javascript" src=' line. | 7.8 |