Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-2809

Summary
Assigner-talos
Assigner Org ID-b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At-14 Sep, 2017 | 19:00
Updated At-16 Sep, 2024 | 20:53
Rejected At-
Credits

An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:talos
Assigner Org ID:b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At:14 Sep, 2017 | 19:00
Updated At:16 Sep, 2024 | 20:53
Rejected At:
▼CVE Numbering Authority (CNA)

An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability.

Affected Products
Vendor
Tomohiro Nakamura
Product
ansible-vault
Versions
Affected
  • 1.0.4
Problem Types
TypeCWE IDDescription
textN/Acode execution
Type: text
CWE ID: N/A
Description: code execution
Metrics
VersionBase scoreBase severityVector
3.07.5HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/100824
vdb-entry
x_refsource_BID
https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt
x_refsource_CONFIRM
https://github.com/tomoh1r/ansible-vault/issues/4
x_refsource_CONFIRM
https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04
x_refsource_CONFIRM
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/100824
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/tomoh1r/ansible-vault/issues/4
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/100824
vdb-entry
x_refsource_BID
x_transferred
https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt
x_refsource_CONFIRM
x_transferred
https://github.com/tomoh1r/ansible-vault/issues/4
x_refsource_CONFIRM
x_transferred
https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04
x_refsource_CONFIRM
x_transferred
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/100824
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/tomoh1r/ansible-vault/issues/4
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:talos-cna@cisco.com
Published At:14 Sep, 2017 | 19:29
Updated At:13 May, 2026 | 00:24

An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.07.5HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Secondary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches

ansible-vault_project
ansible-vault_project
>>ansible-vault>>Versions up to 1.0.4(inclusive)
cpe:2.3:a:ansible-vault_project:ansible-vault:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-94Primarynvd@nist.gov
CWE ID: CWE-94
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.securityfocus.com/bid/100824talos-cna@cisco.com
Third Party Advisory
VDB Entry
https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txttalos-cna@cisco.com
Third Party Advisory
https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04talos-cna@cisco.com
Third Party Advisory
https://github.com/tomoh1r/ansible-vault/issues/4talos-cna@cisco.com
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305talos-cna@cisco.com
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/100824af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txtaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://github.com/tomoh1r/ansible-vault/issues/4af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/100824
Source: talos-cna@cisco.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt
Source: talos-cna@cisco.com
Resource:
Third Party Advisory
Hyperlink: https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04
Source: talos-cna@cisco.com
Resource:
Third Party Advisory
Hyperlink: https://github.com/tomoh1r/ansible-vault/issues/4
Source: talos-cna@cisco.com
Resource:
Third Party Advisory
Hyperlink: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305
Source: talos-cna@cisco.com
Resource:
Exploit
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/100824
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://github.com/tomoh1r/ansible-vault/issues/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

499Records found

CVE-2010-2618
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.09% / 79.33%
||
7 Day CHG~0.00%
Published-01 Jul, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected.

Action-Not Available
Vendor-insanevisionsn/a
Product-adapcmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1946
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.83% / 92.27%
||
7 Day CHG~0.00%
Published-18 May, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in openMairie Openregistrecil 1.02, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation_normale.class.php, (2) collectivite.class.php, (3) dossier.class.php, (4) norme_simplifiee.class.php, (5) registre.class.php, (6) autorisation_unique.class.php, (7) demande_avis.class.php, (8) droit.class.php, (9) organisme.class.php, (10) service.class.php, (11) categorie_donnee.class.php, (12) destinataire.class.php, (13) profil.class.php, (14) tabdyn_visu.class.php, (15) categorie_personne.class.php, (16) dispense.class.php, (17) modificatif.class.php, (18) reference.class.php, and (19) utilisateur.class.php in obj/.

Action-Not Available
Vendor-openmairien/a
Product-openregistreciln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-24429
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-0.85% / 53.90%
||
7 Day CHG+0.02%
Published-10 Jun, 2022 | 20:00
Updated-17 Sep, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary Code Injection

The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file.

Action-Not Available
Vendor-convert-svg-core_projectn/a
Product-convert-svg-coreconvert-svg-core
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-24295
Matching Score-4
Assigner-Okta
ShareView Details
Matching Score-4
Assigner-Okta
CVSS Score-8.8||HIGH
EPSS-17.85% / 96.81%
||
7 Day CHG~0.00%
Published-21 Feb, 2022 | 17:49
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL.

Action-Not Available
Vendor-oktaOkta
Product-advanced_server_access_client_for_windowsOkta Advanced Server Access Client
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-24512
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.3||MEDIUM
EPSS-1.56% / 72.16%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 17:08
Updated-27 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Remote Code Execution Vulnerability

.NET and Visual Studio Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft CorporationFedora Project
Product-visual_studio_2019visual_studio_2022.netpowershell.net_corefedoraPowerShell 7.2Microsoft Visual Studio 2022 version 17.0.NET 6.0Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8).NET 5.0Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)PowerShell 7.0PowerShell 7.1.NET Core 3.1Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1934
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.90% / 85.25%
||
7 Day CHG~0.00%
Published-12 May, 2010 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in openMairie openPlanning 1.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) categorie.class.php, (2) profil.class.php, (3) collectivite.class.php, (4) ressource.class.php, (5) droit.class.php, (6) utilisateur.class.php, and (7) planning.class.php in obj/.

Action-Not Available
Vendor-openmairien/a
Product-openplanningn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1737
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.97% / 77.96%
||
7 Day CHG~0.00%
Published-06 May, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in core/includes/gfw_smarty.php in Gallo 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[gfwroot] parameter.

Action-Not Available
Vendor-carlos_eduardo_sotelo_pinton/a
Product-0.1.0n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2809
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.16% / 86.42%
||
7 Day CHG~0.00%
Published-14 Sep, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-0678
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.82% / 76.16%
||
7 Day CHG~0.00%
Published-22 Feb, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includes_directory parameter.

Action-Not Available
Vendor-katalog.hurricanen/a
Product-katalog_stron_hurricanen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-14867
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-6.33% / 92.78%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 08:05
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.

Action-Not Available
Vendor-freeipaRed Hat, Inc.Fedora Project
Product-freeipafedoraipa
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1335
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.90% / 85.25%
||
7 Day CHG~0.00%
Published-09 Apr, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Insky CMS 006-0111, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter to (1) city.get/city.get.php, (2) city.get/index.php, (3) message2.send/message.send.php, (4) message.send/message.send.php, and (5) pages.add/pages.add.php in insky/modules/. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-miftahovnn/a
Product-insky_cmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-0983
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.39% / 81.95%
||
7 Day CHG~0.00%
Published-16 Mar, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in include/mail.inc.php in Rezervi 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, a different vector than CVE-2007-2156.

Action-Not Available
Vendor-utilon/a
Product-rezervin/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-0966
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.40% / 82.00%
||
7 Day CHG~0.00%
Published-16 Mar, 2010 | 18:26
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in inc/config.php in deV!L`z Clanportal (DZCP) 1.5.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.

Action-Not Available
Vendor-dzcpn/a
Product-dev\!l\'z_clanportaln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1528
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.96% / 77.94%
||
7 Day CHG~0.00%
Published-26 Apr, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.

Action-Not Available
Vendor-uigan/a
Product-proxyn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1215
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.49% / 70.96%
||
7 Day CHG~0.00%
Published-30 Jul, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope."

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1351
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.82% / 76.09%
||
7 Day CHG~0.00%
Published-12 Apr, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 and 1.045, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _nodesforum_path_from_here_to_nodesforum_folder parameter to erase_user_data.php and the (2) _nodesforum_code_path parameter to pre_output.php. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-nodesforumn/a
Product-nodesforumn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-4739
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.31% / 81.33%
||
7 Day CHG~0.00%
Published-26 Mar, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in index.php in SkaDate Dating allows remote attackers to execute arbitrary PHP code via a URL in the language_id parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.

Action-Not Available
Vendor-skadaten/a
Product-skadate_online_dating_softwaren/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-16670
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.66% / 73.73%
||
7 Day CHG-0.06%
Published-19 Feb, 2018 | 19:00
Updated-05 Aug, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file.

Action-Not Available
Vendor-smartbearn/a
Product-soapuin/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-5095
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.91% / 77.24%
||
7 Day CHG~0.00%
Published-09 Sep, 2011 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_ordner parameter.

Action-Not Available
Vendor-ea-stylen/a
Product-gbookn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-19909
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.39% / 69.07%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 18:07
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used.

Action-Not Available
Vendor-sfun/a
Product-open_journal_systemn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-4887
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.26% / 66.07%
||
7 Day CHG~0.00%
Published-11 Jun, 2010 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in index.php in CMS S.Builder 3.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in a binn_include_path cookie. NOTE: this can also be leveraged to include and execute arbitrary local files.

Action-Not Available
Vendor-sbuildern/a
Product-cms_s.buildern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-4111
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.64% / 73.45%
||
7 Day CHG~0.00%
Published-28 Nov, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023.

Action-Not Available
Vendor-n/aThe PHP Group
Product-mailn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-22985
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-1.00% / 58.61%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 15:33
Updated-16 Apr, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ICSA-22-062-01 IPCOMM ipDIO

The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the specific web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to review history.

Action-Not Available
Vendor-ipcommIPCOMM
Product-ipdio_firmwareipdioIPCOMM ipDIO
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2811
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.25% / 86.81%
||
7 Day CHG~0.00%
Published-14 Sep, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2399
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.69% / 74.26%
||
7 Day CHG~0.00%
Published-09 Jul, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.

Action-Not Available
Vendor-dutchmonkeyn/a
Product-dm_filemanagern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2218
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.57% / 72.43%
||
7 Day CHG~0.00%
Published-25 Jun, 2009 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1) i_head.php, (2) i_nav.php, (3) user_new_2.php, or (4) house/myrents.php; or (5) allbooks.php, (6) home.php, or (7) mybooks.php in books/. NOTE: house/myrents.php was also separately reported as a local file inclusion issue.

Action-Not Available
Vendor-david_degnern/a
Product-phpcollegeexchangen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-0701
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.85% / 76.53%
||
7 Day CHG~0.00%
Published-23 Feb, 2009 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in index.php in Cybershade CMS 0.2b, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) THEME_header and (2) THEME_footer parameters.

Action-Not Available
Vendor-cybershaden/a
Product-cybershadecmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-0527
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.92% / 89.08%
||
7 Day CHG~0.00%
Published-11 Feb, 2009 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.

Action-Not Available
Vendor-adaptcmsn/a
Product-adaptcmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-0944
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.11% / 89.53%
||
7 Day CHG~0.00%
Published-13 May, 2009 | 15:14
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-0970
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.80% / 75.76%
||
7 Day CHG~0.00%
Published-19 Mar, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in includes/class_image.php in PHP Pro Bid 6.05, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the fileExtension parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-phpprobidn/a
Product-php_pro_bidn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-0068
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.16% / 80.01%
||
7 Day CHG~0.00%
Published-07 Jan, 2009 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file.

Action-Not Available
Vendor-n/aMozilla Corporationfreedesktop.org
Product-firefoxxdg-utilsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-0145
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.16% / 91.41%
||
7 Day CHG~0.00%
Published-13 May, 2009 | 15:14
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-7123
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.06% / 89.42%
||
7 Day CHG~0.00%
Published-31 Aug, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter in an ajout action, which bypasses the regular expression check.

Action-Not Available
Vendor-zkupn/a
Product-zkupn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-0463
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.26% / 80.83%
||
7 Day CHG~0.00%
Published-06 Feb, 2009 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in includes/header.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.

Action-Not Available
Vendor-groonesworldn/a
Product-glinksn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-7183
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.23% / 65.22%
||
7 Day CHG~0.00%
Published-08 Sep, 2009 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the eva[caminho] parameter to index.php.

Action-Not Available
Vendor-evacmsn/a
Product-eva_cmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-0160
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.11% / 89.53%
||
7 Day CHG~0.00%
Published-13 May, 2009 | 15:14
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-6902
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.27% / 86.90%
||
7 Day CHG~0.00%
Published-06 Aug, 2009 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted file upload vulnerability in upload_flyer.php in 2532designs 2532|Gigs 1.2.2 Stable allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in flyers/.

Action-Not Available
Vendor-2532gigsn/a
Product-2532gigsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-22947
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-10||CRITICAL
EPSS-98.25% / 99.91%
||
7 Day CHG~0.00%
Published-03 Mar, 2022 | 00:00
Updated-30 Oct, 2025 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-06||Apply updates per vendor instructions.

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Oracle Corporation
Product-communications_cloud_native_core_binding_support_functioncommerce_guided_searchcommunications_cloud_native_core_network_slice_selection_functioncommunications_cloud_native_core_security_edge_protection_proxycommunications_cloud_native_core_service_communication_proxycommunications_cloud_native_core_consolecommunications_cloud_native_core_network_function_cloud_native_environmentcommunications_cloud_native_core_network_repository_functioncommunications_cloud_native_core_network_exposure_functionspring_cloud_gatewaySpring Cloud GatewaySpring Cloud Gateway
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-6665
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.83% / 76.20%
||
7 Day CHG~0.00%
Published-08 Apr, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows remote attackers to gain administrator privileges via a crafted email parameter, possibly related to code injection.

Action-Not Available
Vendor-anantasoftn/a
Product-ananta_cmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-6103
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.02% / 78.54%
||
7 Day CHG~0.00%
Published-10 Feb, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter.

Action-Not Available
Vendor-a4deskn/a
Product-a4desk_flash_event_calendarn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5175
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.98% / 78.05%
||
7 Day CHG~0.00%
Published-03 Oct, 2007 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability lib/base.php in actSite 1.991 Beta allows remote attackers to execute arbitrary PHP code via a URL in the BaseCfg[BaseDir] parameter.

Action-Not Available
Vendor-actsiten/a
Product-actsiten/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5696
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.14% / 62.83%
||
7 Day CHG~0.00%
Published-29 Oct, 2007 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in includes.php in phpBasic allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, possibly related to the Music module.

Action-Not Available
Vendor-phpbasicn/a
Product-phpbasicn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-6132
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-26.14% / 97.74%
||
7 Day CHG-0.11%
Published-13 Feb, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.

Action-Not Available
Vendor-brickhostn/a
Product-phpscheduleitn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-5938
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.39% / 81.95%
||
7 Day CHG~0.00%
Published-22 Jan, 2009 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in assets/snippets/reflect/snippet.reflect.php in MODx CMS 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the reflect_base parameter.

Action-Not Available
Vendor-modxcmsn/a
Product-modxcmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-5947
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.83% / 76.24%
||
7 Day CHG~0.00%
Published-22 Jan, 2009 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in include/class_yapbbcooker.php in YapBB 1.2.Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the cfgIncludeDirectory parameter.

Action-Not Available
Vendor-yapbbn/a
Product-yapbbn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-6531
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.82% / 76.18%
||
7 Day CHG+0.07%
Published-26 Mar, 2009 | 20:28
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."

Action-Not Available
Vendor-n/aAtlassian
Product-jiran/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-6513
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.91% / 89.01%
||
7 Day CHG~0.00%
Published-24 Mar, 2009 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowledgebase (aphpkb) 0.92.9 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a link that is listed by authors.php.

Action-Not Available
Vendor-aphpkbn/a
Product-aphpkbn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-6612
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.37% / 87.29%
||
7 Day CHG~0.00%
Published-06 Apr, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted file upload vulnerability in admin/uploader.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/.

Action-Not Available
Vendor-abwebn/a
Product-minimal-ablogn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-6305
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.82% / 76.16%
||
7 Day CHG~0.00%
Published-26 Feb, 2009 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in init.php in Free Directory Script 1.1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the API_HOME_DIR parameter.

Action-Not Available
Vendor-freedirectoryscriptn/a
Product-free_directory_scriptn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-6486
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.13% / 62.45%
||
7 Day CHG~0.00%
Published-18 Mar, 2009 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in slideshow_uploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_dir] parameter.

Action-Not Available
Vendor-shatmn/a
Product-sharedlogn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 9
  • 10
  • Next
Details not found