Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method.
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.
An issue was discovered in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module.
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges.
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors.
Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a `callsignCommand`, which is used to obtain the Phabricator metadata for a Gitolite repository. An administrator who is able to edit or add a Gitolite code host and has administrative access to Sourcegraph’s bundled Grafana instance can change this command arbitrarily and run it remotely. This grants direct access to the infrastructure underlying the Sourcegraph installation. The attack requires: site-admin privileges on the instance of Sourcegraph, Administrative privileges on the bundled Grafana monitoring instance, Knowledge of the gitserver IP address or DNS name (if running in Kubernetes). This can be found through Grafana. The issue is patched in version 3.38.0. You may disable Gitolite code hosts. We still highly encourage upgrading regardless of workarounds.
Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clarify whether this issue is static code injection, eval injection, or another type of vulnerability.
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.
Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request.
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy.
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.
Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc.
The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors.
Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors. NOTE: Some of these details are obtained from third party information.
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.
install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.
BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php.
The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application.
A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely.
The Similar Posts WordPress plugin through 3.1.5 allow high privilege users to execute arbitrary PHP code in an hardened environment (ie with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the 'widget_rrm_similar_posts_condition' widget setting of the plugin.