Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-5727

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-09 Feb, 2017 | 15:00
Updated At-06 Aug, 2024 | 01:07
Rejected At-
Credits

LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:09 Feb, 2017 | 15:00
Updated At:06 Aug, 2024 | 01:07
Rejected At:
▼CVE Numbering Authority (CNA)

LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/SimpleMachines/SMF2.1/issues/3522
x_refsource_CONFIRM
https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/06/18/1
mailing-list
x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/06/10/7
mailing-list
x_refsource_MLIST
Hyperlink: https://github.com/SimpleMachines/SMF2.1/issues/3522
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/18/1
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/10/7
Resource:
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/SimpleMachines/SMF2.1/issues/3522
x_refsource_CONFIRM
x_transferred
https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2016/06/18/1
mailing-list
x_refsource_MLIST
x_transferred
http://www.openwall.com/lists/oss-security/2016/06/10/7
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://github.com/SimpleMachines/SMF2.1/issues/3522
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/18/1
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/10/7
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Feb, 2017 | 15:59
Updated At:13 May, 2026 | 00:24

LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches

simplemachines
simplemachines
>>simple_machines_forum>>2.1
cpe:2.3:a:simplemachines:simple_machines_forum:2.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-94Primarynvd@nist.gov
CWE ID: CWE-94
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.openwall.com/lists/oss-security/2016/06/10/7cve@mitre.org
Mailing List
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/18/1cve@mitre.org
Mailing List
Patch
Third Party Advisory
https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23ccve@mitre.org
Issue Tracking
Patch
Third Party Advisory
https://github.com/SimpleMachines/SMF2.1/issues/3522cve@mitre.org
Issue Tracking
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/10/7af854a3a-2127-422b-91ae-364da2661108
Mailing List
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/18/1af854a3a-2127-422b-91ae-364da2661108
Mailing List
Patch
Third Party Advisory
https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23caf854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Patch
Third Party Advisory
https://github.com/SimpleMachines/SMF2.1/issues/3522af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Patch
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/10/7
Source: cve@mitre.org
Resource:
Mailing List
Patch
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/18/1
Source: cve@mitre.org
Resource:
Mailing List
Patch
Third Party Advisory
Hyperlink: https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c
Source: cve@mitre.org
Resource:
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://github.com/SimpleMachines/SMF2.1/issues/3522
Source: cve@mitre.org
Resource:
Issue Tracking
Patch
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/10/7
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Patch
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/18/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Patch
Third Party Advisory
Hyperlink: https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://github.com/SimpleMachines/SMF2.1/issues/3522
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

497Records found

CVE-2013-7468
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.49% / 65.56%
||
7 Day CHG~0.00%
Published-07 Mar, 2019 | 22:00
Updated-06 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.

Action-Not Available
Vendor-simplemachinesn/a
Product-simple_machines_forumn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-4173
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 33.91%
||
7 Day CHG~0.00%
Published-24 Oct, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-simplemachinesn/a
Product-smfn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-26982
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-10.49% / 93.31%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify themes, and can thus choose any PHP code that they wish to have executed on the server.

Action-Not Available
Vendor-simplemachinesn/a
Product-simple_machines_forumn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-5726
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 74.81%
||
7 Day CHG~0.00%
Published-09 Feb, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.

Action-Not Available
Vendor-simplemachinesn/a
Product-simple_machines_forumn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-2583
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.27% / 49.95%
||
7 Day CHG~0.00%
Published-21 Mar, 2025 | 06:31
Updated-21 Apr, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SimpleMachines SMF ManageNews.php cross site scripting

A vulnerability was found in SimpleMachines SMF 2.1.4. It has been classified as problematic. This affects an unknown part of the file ManageNews.php. The manipulation of the argument subject/message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor does not declare this issue a security vulnerability due to authentication requirements before being able to access any feature in the software that allows file modification.

Action-Not Available
Vendor-simplemachinesSimpleMachines
Product-simple_machines_forumSMF
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-2582
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.27% / 49.95%
||
7 Day CHG~0.00%
Published-21 Mar, 2025 | 06:31
Updated-21 Apr, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SimpleMachines SMF ManageAttachments.php cross site scripting

A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the file ManageAttachments.php. The manipulation of the argument Notice leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor does not declare this issue a security vulnerability due to authentication requirements before being able to access any feature in the software that allows file modification.

Action-Not Available
Vendor-simplemachinesSimpleMachines
Product-simple_machines_forumSMF
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.71% / 88.06%
||
7 Day CHG~0.00%
Published-01 Nov, 2007 | 16:04
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.

Action-Not Available
Vendor-caupo.netn/a
Product-cauposhop_pron/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5574
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-21.36% / 95.74%
||
7 Day CHG~0.00%
Published-18 Oct, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

Action-Not Available
Vendor-phpdjn/a
Product-phpdjn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5390
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.86% / 90.63%
||
7 Day CHG~0.00%
Published-12 Oct, 2007 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0.4.14 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pagina parameter.

Action-Not Available
Vendor-picoflat_cmsn/a
Product-picoflat_cmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-14421
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.36% / 58.56%
||
7 Day CHG~0.00%
Published-19 Jul, 2018 | 18:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF.

Action-Not Available
Vendor-seacmsn/a
Product-seacmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5315
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-61.11% / 98.33%
||
7 Day CHG~0.00%
Published-09 Oct, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the livealbum_dir parameter.

Action-Not Available
Vendor-softpedian/a
Product-livealbumn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-0394
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-92.57% / 99.75%
||
7 Day CHG~0.00%
Published-08 Jan, 2012 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-strutsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5781
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-61.11% / 98.33%
||
7 Day CHG~0.00%
Published-01 Nov, 2007 | 16:04
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYS_PATH parameter.

Action-Not Available
Vendor-sigen/a
Product-sigen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-4614
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.23% / 84.65%
||
7 Day CHG~0.00%
Published-18 Feb, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.

Action-Not Available
Vendor-n/aTYPO3 Association
Product-typo3n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-5643
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-0.60% / 69.66%
||
7 Day CHG~0.00%
Published-03 Oct, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.

Action-Not Available
Vendor-iczn/a
Product-matchasnsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-4458
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.52% / 81.37%
||
7 Day CHG~0.00%
Published-04 Jun, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093.

Action-Not Available
Vendor-n/aBest Practical Solutions, LLC
Product-rtn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-3229
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.19% / 40.99%
||
7 Day CHG~0.00%
Published-14 Oct, 2011 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-3260
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.60% / 81.87%
||
7 Day CHG~0.00%
Published-14 Oct, 2011 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-14630
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-1.86% / 83.20%
||
7 Day CHG~0.00%
Published-17 Sep, 2018 | 18:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.

Action-Not Available
Vendor-[UNKNOWN]Moodle Pty Ltd
Product-moodlemoodle
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-3007
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.58% / 69.00%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to write to arbitrary files by specifying an arbitrary filename in the MyCioScan.Scan.ReportFile parameter, as demonstrated by injecting script into a log file and executing arbitrary code using the MyCioScan.Scan.Start method.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-saas_endpoint_protectionn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-3228
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.79% / 82.90%
||
7 Day CHG~0.00%
Published-14 Oct, 2011 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-2964
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-19.93% / 95.52%
||
7 Day CHG~0.00%
Published-29 Jul, 2011 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-foomaticn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-2702
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.35% / 87.42%
||
7 Day CHG~0.00%
Published-27 Oct, 2014 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.

Action-Not Available
Vendor-n/aGNU
Product-glibceglibcn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-6345
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.8||HIGH
EPSS-5.55% / 90.34%
||
7 Day CHG~0.00%
Published-15 Jul, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution in pypa/setuptools

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

Action-Not Available
Vendor-pypaPython Software Foundation
Product-pypa/setuptoolssetuptools
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-1830
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-5.7||MEDIUM
EPSS-0.20% / 42.14%
||
7 Day CHG~0.00%
Published-22 Apr, 2019 | 15:35
Updated-17 Sep, 2024 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ekiga attempts to dlopen /tmp/ekiga_test.so

Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so.

Action-Not Available
Vendor-ekigaThe GNOME Project
Product-ekigaEkiga
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-3396
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-21.61% / 95.78%
||
7 Day CHG~0.00%
Published-06 Jul, 2006 | 20:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in galleria.html.php in Galleria Mambo Module 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-miro_internationaln/a
Product-gallerian/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5146
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.10% / 78.16%
||
7 Day CHG~0.00%
Published-01 Oct, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in dedi-group Der Dirigent 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the dedi_path parameter to (1) inc.generate_code.php, (2) fnc.type_forms.php, or (3) fnc.type.php in backend/inc/, or (4) frontend.php or (5) backend.php in projekt01/cms/inc/; or (6) the this_dir parameter to backend/inc/class.filemanager.php. NOTE: vectors 4 and 5 are disputed by CVE because PHP encounters a fatal function-call error on a direct request for the file, before reaching the include statement.

Action-Not Available
Vendor-der_dirigentn/a
Product-der_dirigentn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5627
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.71% / 88.06%
||
7 Day CHG~0.00%
Published-23 Oct, 2007 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in content/fnc-readmail3.php in SocketMail 2.2.8 allows remote attackers to execute arbitrary PHP code via a URL in the __SOCKETMAIL_ROOT parameter.

Action-Not Available
Vendor-socketmailn/a
Product-socketmailn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-5390
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.08% / 89.87%
||
7 Day CHG~0.00%
Published-18 Oct, 2006 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in includes/functions_mod_user.php in the ACP User Registration (MMW) 1.00 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Action-Not Available
Vendor-phpbbn/a
Product-acp_user_registration_modulen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-5040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.97% / 83.70%
||
7 Day CHG~0.00%
Published-02 Nov, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-nucleuscmsjohn_bradshawn/a
Product-nucleusnp_gallery_pluginn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-5301
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.70% / 82.42%
||
7 Day CHG~0.00%
Published-17 Oct, 2006 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in includes/antispam.php in the SpamBlockerMODv 1.0.2 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Action-Not Available
Vendor-phpbbn/a
Product-spamblockermodn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-5519
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.67% / 90.46%
||
7 Day CHG~0.00%
Published-26 Oct, 2006 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-mambweathern/a
Product-mambweathern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-5306
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.33% / 89.00%
||
7 Day CHG~0.00%
Published-17 Oct, 2006 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in the Journals System module 1.0.2 (RC2) and earlier for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/journals_delete.php, (2) includes/journals_post.php, or (3) includes/journals_edit.php.

Action-Not Available
Vendor-phpbbn/a
Product-journals_system_modulen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5100
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.23% / 79.29%
||
7 Day CHG~0.00%
Published-26 Sep, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) language/lang_german/lang_admin_album.php, (2) language/lang_english/lang_main_album.php, and (3) language/lang_english/lang_admin_album.php, different vectors than CVE-2007-5009.

Action-Not Available
Vendor-phpbbn/a
Product-phpbb_plusn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-5280
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.74% / 82.64%
||
7 Day CHG~0.00%
Published-13 Oct, 2006 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in includes/import-archive.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter.

Action-Not Available
Vendor-cuttlefish_multimedia_ltd.n/a
Product-leicestershire_communityportalsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5102
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-61.11% / 98.33%
||
7 Day CHG~0.00%
Published-26 Sep, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _path parameter.

Action-Not Available
Vendor-wordsmithn/a
Product-wordsmithn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-4886
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.76% / 89.53%
||
7 Day CHG~0.00%
Published-14 Sep, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs.

Action-Not Available
Vendor-auracmsn/a
Product-auracmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-5634
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-18.81% / 95.35%
||
7 Day CHG~0.00%
Published-01 Nov, 2006 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php.

Action-Not Available
Vendor-phpprofilesn/a
Product-phpprofilesn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5139
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.71% / 88.06%
||
7 Day CHG~0.00%
Published-28 Sep, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in admin/include/header.php in chupix 0.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter.

Action-Not Available
Vendor-chupixn/a
Product-chupix_cmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5015
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-18.47% / 95.30%
||
7 Day CHG+0.57%
Published-20 Sep, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Streamline PHP Media Server 1.0-beta4 allow remote attackers to execute arbitrary PHP code via a URL in the sl_theme_unix_path parameter to (1) admin_footer.php, (2) info_footer.php, (3) theme_footer.php, (4) browse_footer.php, (5) account_footer.php, or (6) search_footer.php in core/theme/includes/. NOTE: the vulnerability is present only when the administrator does not follow installation instructions about the requirement for .htaccess Limit support.

Action-Not Available
Vendor-streamlinen/a
Product-streamlinen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-4906
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-62.05% / 98.36%
||
7 Day CHG+0.76%
Published-17 Sep, 2007 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in tasks/send_queued_emails.php in NuclearBB Alpha 2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.

Action-Not Available
Vendor-nuclearbbn/a
Product-nuclearbbn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-24295
Matching Score-4
Assigner-Okta
ShareView Details
Matching Score-4
Assigner-Okta
CVSS Score-8.8||HIGH
EPSS-3.84% / 88.26%
||
7 Day CHG~0.00%
Published-21 Feb, 2022 | 17:49
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL.

Action-Not Available
Vendor-oktaOkta
Product-advanced_server_access_client_for_windowsOkta Advanced Server Access Client
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-5418
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.85% / 83.17%
||
7 Day CHG~0.00%
Published-20 Oct, 2006 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in archive/archive_topic.php in pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Action-Not Available
Vendor-phpbbn/a
Product-searchindexern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5098
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-35.87% / 97.12%
||
7 Day CHG~0.00%
Published-26 Sep, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the set_depth parameter to (1) app.lib/product.control/core.php/product.control.config.php, or (2) customer.browse.list.php or (3) customer.browse.search.php in app.lib/product.control/core.php/customer.area/.

Action-Not Available
Vendor-dragonfrugaln/a
Product-dfd_cartn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5056
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-81.72% / 99.21%
||
7 Day CHG~0.00%
Published-24 Sep, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.

Action-Not Available
Vendor-adodb_litejournalnesspacercmsopen-realtysapidn/aThe CMS Made Simple Foundation
Product-pacercmsopen-realtysapid_cmfjournalnesscms_made_simpleadodb_liten/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5114
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.66% / 71.27%
||
7 Day CHG~0.00%
Published-26 Sep, 2007 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in include/plugin/block.t.php in Peter Schmidt phpmyProfiler 0.9.6b allows remote attackers to execute arbitrary PHP code via a URL in the pmp_rel_path parameter. NOTE: this issue is disputed by CVE because the applicable require_once is in a function that is not called on a direct request

Action-Not Available
Vendor-phpmyprofilern/a
Product-phpmyprofilern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-4720
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.88% / 86.41%
||
7 Day CHG~0.00%
Published-05 Sep, 2007 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/Cm2/Network Node Manager (NNM) 07-10 through 07-10-05, and NNM Starter Edition Enterprise and 250 08-00 through 08-10, allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aHitachi, Ltd.
Product-jp1_cm2_network_node_managern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5140
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.64% / 89.38%
||
7 Day CHG~0.00%
Published-28 Sep, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in IntegraMOD Nederland 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Action-Not Available
Vendor-integramodn/a
Product-nederlandn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-24735
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.9||LOW
EPSS-1.68% / 82.32%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 19:43
Updated-22 Apr, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lua scripts can be manipulated to overcome ACL rules in Redis

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.

Action-Not Available
Vendor-Redis Inc.Fedora ProjectOracle CorporationNetApp, Inc.
Product-communications_operations_monitormanagement_services_for_netapp_hcifedoraredismanagement_services_for_element_softwareredis
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-24915
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.33% / 56.15%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 15:34
Updated-16 Apr, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ICSA-22-062-01 IPCOMM ipDIO

The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services).

Action-Not Available
Vendor-ipcommIPCOMM
Product-ipdio_firmwareipdioIPCOMM ipDIO
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found