← Back
CWE-94

6,544 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

JSON object

Loading...

CVEs (6,544)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
-
-
Jun 17, 2026
Oct 28, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png` extension containing PHP code can be uploaded vi...Show more
alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png` extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side validation, the file is still saved on the server. The attacker can then use the rename API to change the file extension to `.php`, and upon accessing it via a public URL, the server executes the embedded code.Show less
1Fabian
1E Commerce Website
Jun 17, 2026
Oct 28, 2025
2.1 LOW· v4
6.1 MEDIUM· v3
5.0 MEDIUM· v2
A vulnerability was determined in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_update.php. This manipulation of the argument supp_name/supp_...Show more
A vulnerability was determined in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_update.php. This manipulation of the argument supp_name/supp_address causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.Show less
1Remyandrade
1Student Grades Management System
Jun 17, 2026
Oct 28, 2025
1.9 LOW· v4
4.8 MEDIUM· v3
3.3 LOW· v2
A flaw has been found in SourceCodester Student Grades Management System 1.0. This affects the function delete_user of the file /admin.php. Executing manipulation can lead to cross site scripting. The attack may be perfo...Show more
A flaw has been found in SourceCodester Student Grades Management System 1.0. This affects the function delete_user of the file /admin.php. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used.Show less
1Fabian
1E Commerce Website
Jun 17, 2026
Oct 27, 2025
2.1 LOW· v4
6.1 MEDIUM· v3
5.0 MEDIUM· v2
A vulnerability was found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument prod_name/prod_desc/prod_cost results in cross site...Show more
A vulnerability was found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument prod_name/prod_desc/prod_cost results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used.Show less
1Fabian
1E Commerce Website
Jun 17, 2026
Oct 27, 2025
2.1 LOW· v4
6.1 MEDIUM· v3
5.0 MEDIUM· v2
A vulnerability has been found in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/supplier_add.php. The manipulation of the argument supp_name/supp_address leads to cross site sc...Show more
A vulnerability has been found in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/supplier_add.php. The manipulation of the argument supp_name/supp_address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
1Matthewdeaves
1Willow Cms
Jun 17, 2026
Oct 27, 2025
1.9 LOW· v4
4.8 MEDIUM· v3
3.3 LOW· v2
A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body result...Show more
A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be exploited.Show less
1Phpgurukul
1Curfew E Pass Management System
Jun 17, 2026
Oct 27, 2025
1.9 LOW· v4
4.8 MEDIUM· v3
3.3 LOW· v2
A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. Impacted is an unknown function of the file view-pass-detail.php. This manipulation of the argument Fullname/Category causes cross site scripting....Show more
A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. Impacted is an unknown function of the file view-pass-detail.php. This manipulation of the argument Fullname/Category causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used.Show less
1Phpgurukul
1Curfew E Pass Management System
Jun 17, 2026
Oct 27, 2025
1.9 LOW· v4
4.8 MEDIUM· v3
3.3 LOW· v2
A vulnerability was detected in PHPGurukul Curfew e-Pass Management System 1.0. This issue affects some unknown processing of the file edit-category-detail.php. The manipulation of the argument catname results in cross s...Show more
A vulnerability was detected in PHPGurukul Curfew e-Pass Management System 1.0. This issue affects some unknown processing of the file edit-category-detail.php. The manipulation of the argument catname results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used.Show less
1Phpgurukul
1Curfew E Pass Management System
Jun 17, 2026
Oct 27, 2025
1.9 LOW· v4
4.8 MEDIUM· v3
3.3 LOW· v2
A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. The impacted element is an unknown function of the file admin-profile.php. Executing a manipulation of the argument adminname/email can lead to cro...Show more
A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. The impacted element is an unknown function of the file admin-profile.php. Executing a manipulation of the argument adminname/email can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used.Show less
1Fabian
1Simple Food Ordering System
Jun 17, 2026
Oct 27, 2025
2.1 LOW· v4
6.1 MEDIUM· v3
5.0 MEDIUM· v2
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. The affected element is an unknown function of the file /editproduct.php. Performing manipulation of the argument pname/category/price result...Show more
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. The affected element is an unknown function of the file /editproduct.php. Performing manipulation of the argument pname/category/price results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used.Show less
1Fabian
1Simple Food Ordering System
Jun 17, 2026
Oct 27, 2025
2.1 LOW· v4
6.1 MEDIUM· v3
5.0 MEDIUM· v2
A weakness has been identified in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addcategory.php. This manipulation of the argument cname causes cross site scriptin...Show more
A weakness has been identified in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addcategory.php. This manipulation of the argument cname causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.Show less
1Fabian
1Simple Food Ordering System
Jun 17, 2026
Oct 27, 2025
2.1 LOW· v4
6.1 MEDIUM· v3
5.0 MEDIUM· v2
A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument pname/category/price results in...Show more
A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument pname/category/price results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.Show less
1Fabian
1Simple Food Ordering System
Jun 17, 2026
Oct 27, 2025
2.1 LOW· v4
6.1 MEDIUM· v3
5.0 MEDIUM· v2
A vulnerability was identified in code-projects Simple Food Ordering System 1.0. This affects an unknown part of the file /editcategory.php. The manipulation of the argument pname leads to cross site scripting. It is pos...Show more
A vulnerability was identified in code-projects Simple Food Ordering System 1.0. This affects an unknown part of the file /editcategory.php. The manipulation of the argument pname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.Show less
-
-
Jun 17, 2026
Oct 27, 2025
2.1 LOW· v4
4.3 MEDIUM· v3
5.0 MEDIUM· v2
A vulnerability has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this issue is some unknown functionality of the file /i/359. The manipulation of...Show more
A vulnerability has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this issue is some unknown functionality of the file /i/359. The manipulation of the argument keywords leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
-
-
Jun 17, 2026
Oct 27, 2025
2.1 LOW· v4
4.3 MEDIUM· v3
5.0 MEDIUM· v2
A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/index/activity_state/1/c...Show more
A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/index/activity_state/1/category_id/1001. Executing manipulation of the argument category_id can lead to cross site scripting. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
1Fabian
1Client Details System
Jun 17, 2026
Oct 27, 2025
1.9 LOW· v4
4.8 MEDIUM· v3
3.3 LOW· v2
A vulnerability was identified in code-projects Client Details System 1.0. The affected element is an unknown function of the file /admin/manage-users.php. The manipulation leads to cross site scripting. The attack can b...Show more
A vulnerability was identified in code-projects Client Details System 1.0. The affected element is an unknown function of the file /admin/manage-users.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used.Show less
1Fabian
1Client Details System
Jun 17, 2026
Oct 27, 2025
1.9 LOW· v4
5.4 MEDIUM· v3
3.3 LOW· v2
A vulnerability was determined in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/clientview.php. Executing manipulation can lead to cross site scripting. It is possible to lau...Show more
A vulnerability was determined in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/clientview.php. Executing manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.Show less
1Fabian
1Client Details System
Jun 17, 2026
Oct 27, 2025
1.9 LOW· v4
5.4 MEDIUM· v3
3.3 LOW· v2
A vulnerability was found in code-projects Client Details System 1.0. This issue affects some unknown processing of the file /update-clients.php. Performing manipulation results in cross site scripting. It is possible to...Show more
A vulnerability was found in code-projects Client Details System 1.0. This issue affects some unknown processing of the file /update-clients.php. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used.Show less
1Fabian
1Client Details System
Jun 17, 2026
Oct 27, 2025
1.9 LOW· v4
4.8 MEDIUM· v3
3.3 LOW· v2
A vulnerability has been found in code-projects Client Details System 1.0. This vulnerability affects unknown code of the file /welcome.php. Such manipulation leads to cross site scripting. The attack may be performed fr...Show more
A vulnerability has been found in code-projects Client Details System 1.0. This vulnerability affects unknown code of the file /welcome.php. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.Show less
1Learnhouse
1Learnhouse
Jun 17, 2026
Oct 27, 2025
2.0 LOW· v4
5.4 MEDIUM· v3
4.0 MEDIUM· v2
A vulnerability was found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The affected element is an unknown function of the file /dash/org/settings/previews of the component Account Setting Page. The manip...Show more
A vulnerability was found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The affected element is an unknown function of the file /dash/org/settings/previews of the component Account Setting Page. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.Show less