Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2019-7889 Injection vulnerability in Magento
An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-74
4.0
4.0
2019-08-02 CVE-2017-18437 Injection vulnerability in Cpanel
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).
local
low complexity
cpanel CWE-74
3.6
3.6
2019-08-02 CVE-2017-18389 Injection vulnerability in Cpanel
cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
network
low complexity
cpanel CWE-74
6.5
6.5
2019-08-02 CVE-2017-18387 Injection vulnerability in Cpanel
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).
network
low complexity
cpanel CWE-74
critical
 9.0
9.0
2019-08-02 CVE-2017-18386 Injection vulnerability in Cpanel
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).
network
low complexity
cpanel CWE-74
critical
 9.0
9.0
2019-08-01 CVE-2016-10847 Injection vulnerability in Cpanel
cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80).
network
low complexity
cpanel CWE-74
5.5
5.5
2019-08-01 CVE-2016-10845 Injection vulnerability in Cpanel
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78).
network
low complexity
cpanel CWE-74
6.5
6.5
2019-08-01 CVE-2018-20914 Injection vulnerability in Cpanel
In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).
network
cpanel CWE-74
4.9
4.9
2019-08-01 CVE-2018-20898 Injection vulnerability in Cpanel
cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396).
network
low complexity
cpanel CWE-74
4.0
4.0
2019-08-01 CVE-2018-20885 Injection vulnerability in Cpanel
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416).
network
low complexity
cpanel CWE-74
5.0
5.0