Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-9115

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-25 Feb, 2019 | 04:00
Updated At-04 Aug, 2024 | 21:38
Rejected At-
Credits

In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:25 Feb, 2019 | 04:00
Updated At:04 Aug, 2024 | 21:38
Rejected At:
▼CVE Numbering Authority (CNA)

In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/irisnet/irisnet-crypto/issues/60
x_refsource_MISC
Hyperlink: https://github.com/irisnet/irisnet-crypto/issues/60
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/irisnet/irisnet-crypto/issues/60
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/irisnet/irisnet-crypto/issues/60
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:25 Feb, 2019 | 04:29
Updated At:21 Jul, 2021 | 11:39

In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
irisnet
irisnet
>>irisnet-crypto>>Versions before 1.1.7(exclusive)
cpe:2.3:a:irisnet:irisnet-crypto:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-94Primarynvd@nist.gov
CWE ID: CWE-94
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/irisnet/irisnet-crypto/issues/60cve@mitre.org
Third Party Advisory
Hyperlink: https://github.com/irisnet/irisnet-crypto/issues/60
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

912Records found
CVE-2009-3333
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.86% / 74.14%
||
7 Day CHG~0.00%
Published-23 Sep, 2009 | 10:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-alibastan/aMamboServer
Product-com_koesubmitmambon/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-3307
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.00%
||
7 Day CHG~0.00%
Published-23 Sep, 2009 | 10:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the FSPHP_LIB parameter to (1) FSphp.php, (2) navigation.php, and (3) pathwrite.php in lib/.

Action-Not Available
Vendor-frank_lichtenheldn/a
Product-fsphpn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-3188
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 71.73%
||
7 Day CHG~0.00%
Published-15 Sep, 2009 | 21:00
Updated-07 Aug, 2024 | 06:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in save.php in phpSANE 0.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the file_save parameter.

Action-Not Available
Vendor-david_frohlichn/a
Product-phpsanen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-3114
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.77% / 72.56%
||
7 Day CHG~0.00%
Published-09 Sep, 2009 | 22:00
Updated-07 Aug, 2024 | 06:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_notesn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2635
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.21%
||
7 Day CHG~0.00%
Published-28 Jul, 2009 | 19:06
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-ordasoftn/aJoomla!
Product-joomlacom_realestatemanagern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2918
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.60% / 80.96%
||
7 Day CHG~0.00%
Published-30 Jul, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-visocrean/aJoomla!
Product-joomla\!com_joomla_visitesn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-3065
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.85% / 73.94%
||
7 Day CHG~0.00%
Published-03 Sep, 2009 | 17:00
Updated-07 Aug, 2024 | 06:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter.

Action-Not Available
Vendor-rein_veltn/a
Product-veditn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-3174
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.21%
||
7 Day CHG~0.00%
Published-11 Sep, 2009 | 20:00
Updated-07 Aug, 2024 | 06:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in fonctions_racine.php in OBOphiX 2.7.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin_lib parameter.

Action-Not Available
Vendor-odelaon/a
Product-obophixn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2791
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.90% / 74.65%
||
7 Day CHG~0.00%
Published-17 Aug, 2009 | 16:00
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in pda_projects.php in WebDynamite ProjectButler 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the offset parameter.

Action-Not Available
Vendor-webdynamiten/a
Product-projectbutlern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2637
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.76%
||
7 Day CHG~0.00%
Published-28 Jul, 2009 | 19:06
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-ordasoftn/aJoomla!
Product-com_booklibraryjoomlan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-3365
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.21%
||
7 Day CHG~0.00%
Published-24 Sep, 2009 | 16:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter.

Action-Not Available
Vendor-trazan/a
Product-auroran/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1868
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.84% / 73.75%
||
7 Day CHG~0.00%
Published-07 May, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2634
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.76%
||
7 Day CHG~0.00%
Published-28 Jul, 2009 | 19:06
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-ordasoftn/aJoomla!
Product-joomlacom_medialibraryn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2126
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.83% / 82.17%
||
7 Day CHG+0.04%
Published-01 Jun, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Snipe Gallery 3.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_admin_path parameter to (1) index.php, (2) view.php, (3) image.php, (4) search.php, (5) admin/index.php, (6) admin/gallery/index.php, (7) admin/gallery/view.php, (8) admin/gallery/gallery.php, (9) admin/gallery/image.php, and (10) admin/gallery/crop.php.

Action-Not Available
Vendor-snipegalleryn/a
Product-snipe_galleryn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2633
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.76%
||
7 Day CHG~0.00%
Published-28 Jul, 2009 | 19:06
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-ordasoftn/aJoomla!
Product-joomlacom_vehiclemanagern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2127
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.10% / 83.36%
||
7 Day CHG~0.00%
Published-01 Jun, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in gallery.php in JV2 Folder Gallery 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.

Action-Not Available
Vendor-jv2designn/a
Product-jv2_folder_galleryn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-3317
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.09%
||
7 Day CHG~0.00%
Published-23 Sep, 2009 | 10:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in pages/pageHeader.php in OpenSiteAdmin 0.9.7 BETA allows remote attackers to execute arbitrary PHP code via a URL in the path parameter, a different vector than CVE-2008-0648.

Action-Not Available
Vendor-thecodeweaseln/a
Product-opensiteadminn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-3056
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.21%
||
7 Day CHG~0.00%
Published-03 Sep, 2009 | 17:00
Updated-07 Aug, 2024 | 06:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in include/engine/content/elements/menu.php in KingCMS 0.6.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[AdminPath] parameter.

Action-Not Available
Vendor-bas_bloemsaatn/a
Product-kingcmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1272
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 76.78%
||
7 Day CHG~0.00%
Published-06 Apr, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in includes/tgpinc.php in Gnat-TGP 1.2.20 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.

Action-Not Available
Vendor-komputer.boon/a
Product-gnat-tgpn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1337
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.94% / 75.29%
||
7 Day CHG~0.00%
Published-09 Apr, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters.

Action-Not Available
Vendor-lussumon/a
Product-vanillan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-4264
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.8||CRITICAL
EPSS-4.64% / 88.86%
||
7 Day CHG~0.00%
Published-18 May, 2024 | 00:00
Updated-03 Sep, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution in berriai/litellm

A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function unsafely in the `litellm.get_secret()` method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the `eval` function without any sanitization. Attackers can exploit this vulnerability by injecting malicious values into environment variables through the `/config/update` endpoint, which allows for the update of settings in `proxy_server_config.yaml`.

Action-Not Available
Vendor-berriaiberriai
Product-berriai/litellmlitellm
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1106
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 71.68%
||
7 Day CHG~0.00%
Published-25 Mar, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in cgi/index.php in AdvertisementManager 3.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.

Action-Not Available
Vendor-advertisementmanagern/a
Product-advertisementmanagern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-1450
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.58% / 67.94%
||
7 Day CHG~0.00%
Published-28 Apr, 2009 | 15:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the _page_content parameter.

Action-Not Available
Vendor-bluevirus-designn/a
Product-sma-dbn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-1452
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.94% / 75.29%
||
7 Day CHG~0.00%
Published-28 Apr, 2009 | 16:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in theme/format.php in SMA-DB 0.3.13 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _page_css and (2) _page_javascript parameters. NOTE: the _page_content vector is already is covered by CVE-2009-1450.

Action-Not Available
Vendor-bluevirus-designn/a
Product-sma-dbn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-1383
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.99% / 75.90%
||
7 Day CHG~0.00%
Published-14 Jul, 2009 | 20:16
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag.

Action-Not Available
Vendor-forkoshn/a
Product-mathtexn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-1444
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.02% / 76.31%
||
7 Day CHG~0.00%
Published-27 Apr, 2009 | 19:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS 0.8-beta allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter.

Action-Not Available
Vendor-webportaln/a
Product-webportal_cmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-22965
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-94.46% / 99.99%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-25||Apply updates per vendor instructions.

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Action-Not Available
Vendor-n/aCisco Systems, Inc.Siemens AGVeritas Technologies LLCVMware (Broadcom Inc.)Oracle Corporation
Product-communications_cloud_native_core_unified_data_repositorycx_cloud_agentfinancial_services_analytical_applications_infrastructurenetbackup_appliancesimatic_speech_assistant_for_machinescommunications_cloud_native_core_binding_support_functioncommunications_cloud_native_core_automated_test_suitesd-wan_edgeretail_customer_management_and_segmentation_foundationcommunications_cloud_native_core_network_exposure_functionaccess_applianceflex_appliancenetbackup_virtual_applianceretail_bulk_data_integrationfinancial_services_behavior_detection_platformsipass_integratednetbackup_flex_scale_appliancesiveillance_identitycommunications_policy_managementcommunications_cloud_native_core_network_slice_selection_functionspring_frameworkcommunications_cloud_native_core_security_edge_protection_proxysinec_network_management_systemcommunications_unified_inventory_managementweblogic_servercommerce_platformretail_financial_integrationcommunications_cloud_native_core_policycommunications_cloud_native_core_network_function_cloud_native_environmentcommunications_cloud_native_core_consolemysql_enterprise_monitorretail_xstore_point_of_servicejdkcommunications_cloud_native_core_network_repository_functionfinancial_services_enterprise_case_managementoperation_schedulerretail_integration_busretail_merchandising_systemproduct_lifecycle_analyticsSpring FrameworkSpring Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-1822
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.82% / 73.49%
||
7 Day CHG~0.00%
Published-29 May, 2009 | 16:24
Updated-07 Aug, 2024 | 05:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) imgcaptcha.php or (2) mp3captcha.php in assets/captcha/includes/captchaform/, or (3) assets/captcha/includes/captchatalk/swfmovie.php.

Action-Not Available
Vendor-gonzalo_masern/aJoomla!
Product-joomla\!com_artformsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-4752
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 77.14%
||
7 Day CHG~0.00%
Published-26 Mar, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary PHP code via a URL in the go parameter.

Action-Not Available
Vendor-phppowern/a
Product-swinger_club_portaln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-22963
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-94.47% / 100.00%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 00:00
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-09-15||Apply updates per vendor instructions.

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

Action-Not Available
Vendor-n/aOracle CorporationVMware (Broadcom Inc.)
Product-banking_liquidity_managementbanking_trade_finance_process_managementbanking_supply_chain_financecommunications_cloud_native_core_automated_test_suitebanking_branchcommunications_cloud_native_core_network_function_cloud_native_environmentcommunications_communications_policy_managementbanking_cash_managementcommunications_cloud_native_core_security_edge_protection_proxyfinancial_services_enterprise_case_managementcommunications_cloud_native_core_network_slice_selection_functioncommunications_cloud_native_core_unified_data_repositorycommunications_cloud_native_core_consolebanking_electronic_data_exchange_for_corporatesspring_cloud_functioncommunications_cloud_native_core_policyretail_xstore_point_of_servicefinancial_services_analytical_applications_infrastructuremysql_enterprise_monitorcommunications_cloud_native_core_network_repository_functioncommunications_cloud_native_core_network_exposure_functionbanking_virtual_account_managementbanking_originationfinancial_services_behavior_detection_platformsd-wan_edgebanking_credit_facilities_process_managementbanking_corporate_lending_process_managementproduct_lifecycle_analyticsSpring Cloud FunctionSpring Cloud
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2017-20095
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.45% / 62.76%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 06:45
Updated-15 Apr, 2025 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple Ads Manager Plugin code injection

A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely.

Action-Not Available
Vendor-simple_ads_manager_projectunspecified
Product-simple_ads_managerSimple Ads Manager Plugin
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-4622
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 64.71%
||
7 Day CHG~0.00%
Published-18 Jan, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in admin/admin_news_bot.php in Drunken:Golem Gaming Portal 0.5.1 alpha 2 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-0572.

Action-Not Available
Vendor-legrindern/a
Product-drunken\n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-4836
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 80.61%
||
7 Day CHG~0.00%
Published-05 May, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter.

Action-Not Available
Vendor-moviephpn/a
Product-movie_php_scriptn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-4541
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.33% / 88.45%
||
7 Day CHG~0.00%
Published-04 Jan, 2010 | 17:00
Updated-07 Aug, 2024 | 07:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) newticket.php or (2) rempass.php, or a URL in the lang parameter in an adduser action to (3) index.php. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.

Action-Not Available
Vendor-isolsoftn/a
Product-support_centern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-4948
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.50% / 80.37%
||
7 Day CHG~0.00%
Published-09 Oct, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in PHP Free Photo Gallery script allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

Action-Not Available
Vendor-phpgalleryscriptn/a
Product-php_free_photo_galleryn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-4693
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.19% / 78.00%
||
7 Day CHG~0.00%
Published-10 Mar, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB 2.3.0 allow remote attackers to execute arbitrary PHP code via a URL in the LANG parameter to (1) en.inc.php, (2) hu.inc.php, (3) no.inc.php, (4) ro.inc.php, and (5) ru.inc.php in language/.

Action-Not Available
Vendor-grafxsoftwaren/a
Product-minicwbn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-20099
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.46% / 63.33%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 18:11
Updated-15 Apr, 2025 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Analytics Stats Counter Statistics Plugin code injection

A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely.

Action-Not Available
Vendor-analytics_stats_counter_statistics_projectunspecified
Product-analytics_stats_counter_statisticsAnalytics Stats Counter Statistics Plugin
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-21686
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9||CRITICAL
EPSS-0.62% / 69.25%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 20:10
Updated-23 Apr, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server Side Twig Template Injection in PrestaShop

PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.

Action-Not Available
Vendor-PrestaShop S.A
Product-prestashopPrestaShop
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2331
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 77.09%
||
7 Day CHG~0.00%
Published-05 Jul, 2009 | 16:00
Updated-07 Aug, 2024 | 05:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to admin_settings.php or (2) into a content/=NUMBER.php file via the title parameter to admin_new.php.

Action-Not Available
Vendor-cms.tut.sun/a
Product-cms_chainukn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2143
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.24% / 78.38%
||
7 Day CHG~0.00%
Published-22 Jun, 2009 | 14:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter.

Action-Not Available
Vendor-firestatsn/aWordPress.org
Product-wordpressfirestatsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2014-3927
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.16% / 77.71%
||
7 Day CHG~0.00%
Published-03 Apr, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code.

Action-Not Available
Vendor-mrlg4php_projectn/a
Product-mrlg4phpn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2262
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 64.52%
||
7 Day CHG~0.00%
Published-30 Jun, 2009 | 10:00
Updated-07 Aug, 2024 | 05:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in install/di.php in AjaxPortal 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the pathtoserverdata parameter. NOTE: the installation instructions specify deleting the install/ folder.

Action-Not Available
Vendor-myiosoftn/a
Product-ajaxportaln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-1551
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.01% / 91.73%
||
7 Day CHG~0.00%
Published-06 May, 2009 | 15:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) qte_web_path parameter to qte_web.php and the (2) qte_root parameter to bin/qte_init.php.

Action-Not Available
Vendor-qt-cuten/a
Product-quickteamn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-23281
Matching Score-4
Assigner-Eaton
ShareView Details
Matching Score-4
Assigner-Eaton
CVSS Score-10||CRITICAL
EPSS-0.58% / 67.86%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 18:03
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code execution

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to rouge SNMP server and execute attacker-controlled code.

Action-Not Available
Vendor-eatonEaton
Product-intelligent_power_managerIntelligent Power manager (IPM)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-0639
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 76.81%
||
7 Day CHG~0.00%
Published-18 Feb, 2009 | 16:00
Updated-07 Aug, 2024 | 04:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in moduli/libri/index.php in phpyabs 0.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the Azione parameter.

Action-Not Available
Vendor-phpyabsn/a
Product-phpyabsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-1248
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 77.14%
||
7 Day CHG~0.00%
Published-06 Apr, 2009 | 16:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the theme_directory parameter to (1) container.php and (2) header.php in themes/.

Action-Not Available
Vendor-acutecpn/a
Product-acute_control_paneln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-23037
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.51% / 65.49%
||
7 Day CHG~0.00%
Published-22 Oct, 2021 | 19:20
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.

Action-Not Available
Vendor-portablen/a
Product-playablen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-0297
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.8||CRITICAL
EPSS-94.00% / 99.88%
||
7 Day CHG~0.00%
Published-14 Jan, 2023 | 00:00
Updated-07 Apr, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code Injection in pyload/pyload

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.

Action-Not Available
Vendor-pyloadpyload
Product-pyloadpyload/pyload
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-0444
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 75.68%
||
7 Day CHG~0.00%
Published-05 Feb, 2009 | 20:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) theme parameter to (a) 179_squarebox_pds_list/view.php, (b) 179_squarebox_minishop_expand/view.php, (c) 179_squarebox_gallery_list_pds/view.php, (d) 179_squarebox_gallery_list/view.php, (e) 179_squarebox_gallery/view.php, (f) 179_squarebox_board_swfupload/view.php, (g) 179_squarebox_board_expand/view.php, (h) 179_squarebox_board_basic_with_grcode/view.php, (i) 179_squarebox_board_basic/view.php, (j) 179_simplebar_pds_list/view.php, (k) 179_simplebar_notice/view.php, (l) 179_simplebar_gallery_list_pds/view.php, (m) 179_simplebar_gallery/view.php, and (n) 179_simplebar_basic/view.php in theme/; the (2) path parameter to (o) latest/sirini_gallery_latest/list.php; and the (3) grboard parameter to (p) include.php and (q) form_mail.php.

Action-Not Available
Vendor-sirinin/a
Product-grboardn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-1285
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 77.03%
||
7 Day CHG~0.00%
Published-16 Apr, 2009 | 15:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.

Action-Not Available
Vendor-n/aphpMyAdmin
Product-phpmyadminn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 18
  • 19
  • Next
Details not found