CWE-94— Improper Control of Generation of Code (Code Injection)

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary.

An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033.

Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature.

Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function.

An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary c…

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript.

Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET Remoting is exposed.

Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy Content Generator wp-dummy-content-generator.This issue affects WP Dummy Content Generator: from n/a through <= 3.2.1.

Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. The vulnerability exists in the addParam function, which accepts user input via…

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Mali…

In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed fo…

An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which co…

An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver v6.0.9549.1 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component.

SQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0 allows a remote attacker to execute arbitrary code via a crafted file.

An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.

An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file.

An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component.

An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script to the AddonsController.class.php component.

An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component.

Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9.

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for…

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attacker…

Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the name, shortname parameters.

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScri…

Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app.

Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator.

Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fi…

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites tha…

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization.

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficien…

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper f…

Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac.

Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Borrower Name input field.

The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the e…

Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via sh…

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock dependency is acquired from the server. A…

The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector or Unify server is extracted on the endpo…

In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes (which run with t…

javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised…

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLo…

Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compi…

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users throug…

This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component.

Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=.

A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via global.accessor.

A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary code via dist/badger-database.esm.