CWE-94
6,544 CVEs • Abstraction: Base • Likelihood of Exploit: Medium
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVEs (6,544)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png` extension containing PHP code can be uploaded vi...Show more |
1Fabian 1E Commerce Website Jun 17, 2026 Oct 28, 2025 2.1 LOW· v4 6.1 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was determined in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_update.php. This manipulation of the argument supp_name/supp_...Show more |
1Remyandrade 1Student Grades Management System Jun 17, 2026 Oct 28, 2025 1.9 LOW· v4 4.8 MEDIUM· v3 3.3 LOW· v2 A flaw has been found in SourceCodester Student Grades Management System 1.0. This affects the function delete_user of the file /admin.php. Executing manipulation can lead to cross site scripting. The attack may be perfo...Show more |
1Fabian 1E Commerce Website Jun 17, 2026 Oct 27, 2025 2.1 LOW· v4 6.1 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument prod_name/prod_desc/prod_cost results in cross site...Show more |
1Fabian 1E Commerce Website Jun 17, 2026 Oct 27, 2025 2.1 LOW· v4 6.1 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability has been found in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/supplier_add.php. The manipulation of the argument supp_name/supp_address leads to cross site sc...Show more |
A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body result...Show more |
1Phpgurukul 1Curfew E Pass Management System Jun 17, 2026 Oct 27, 2025 1.9 LOW· v4 4.8 MEDIUM· v3 3.3 LOW· v2 A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. Impacted is an unknown function of the file view-pass-detail.php. This manipulation of the argument Fullname/Category causes cross site scripting....Show more |
1Phpgurukul 1Curfew E Pass Management System Jun 17, 2026 Oct 27, 2025 1.9 LOW· v4 4.8 MEDIUM· v3 3.3 LOW· v2 A vulnerability was detected in PHPGurukul Curfew e-Pass Management System 1.0. This issue affects some unknown processing of the file edit-category-detail.php. The manipulation of the argument catname results in cross s...Show more |
1Phpgurukul 1Curfew E Pass Management System Jun 17, 2026 Oct 27, 2025 1.9 LOW· v4 4.8 MEDIUM· v3 3.3 LOW· v2 A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. The impacted element is an unknown function of the file admin-profile.php. Executing a manipulation of the argument adminname/email can lead to cro...Show more |
1Fabian 1Simple Food Ordering System Jun 17, 2026 Oct 27, 2025 2.1 LOW· v4 6.1 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was detected in code-projects Simple Food Ordering System 1.0. The affected element is an unknown function of the file /editproduct.php. Performing manipulation of the argument pname/category/price result...Show more |
1Fabian 1Simple Food Ordering System Jun 17, 2026 Oct 27, 2025 2.1 LOW· v4 6.1 MEDIUM· v3 5.0 MEDIUM· v2 A weakness has been identified in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addcategory.php. This manipulation of the argument cname causes cross site scriptin...Show more |
1Fabian 1Simple Food Ordering System Jun 17, 2026 Oct 27, 2025 2.1 LOW· v4 6.1 MEDIUM· v3 5.0 MEDIUM· v2 A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument pname/category/price results in...Show more |
1Fabian 1Simple Food Ordering System Jun 17, 2026 Oct 27, 2025 2.1 LOW· v4 6.1 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was identified in code-projects Simple Food Ordering System 1.0. This affects an unknown part of the file /editcategory.php. The manipulation of the argument pname leads to cross site scripting. It is pos...Show more |
A vulnerability has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this issue is some unknown functionality of the file /i/359. The manipulation of...Show more |
A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/index/activity_state/1/c...Show more |
1Fabian 1Client Details System Jun 17, 2026 Oct 27, 2025 1.9 LOW· v4 4.8 MEDIUM· v3 3.3 LOW· v2 A vulnerability was identified in code-projects Client Details System 1.0. The affected element is an unknown function of the file /admin/manage-users.php. The manipulation leads to cross site scripting. The attack can b...Show more |
1Fabian 1Client Details System Jun 17, 2026 Oct 27, 2025 1.9 LOW· v4 5.4 MEDIUM· v3 3.3 LOW· v2 A vulnerability was determined in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/clientview.php. Executing manipulation can lead to cross site scripting. It is possible to lau...Show more |
1Fabian 1Client Details System Jun 17, 2026 Oct 27, 2025 1.9 LOW· v4 5.4 MEDIUM· v3 3.3 LOW· v2 A vulnerability was found in code-projects Client Details System 1.0. This issue affects some unknown processing of the file /update-clients.php. Performing manipulation results in cross site scripting. It is possible to...Show more |
1Fabian 1Client Details System Jun 17, 2026 Oct 27, 2025 1.9 LOW· v4 4.8 MEDIUM· v3 3.3 LOW· v2 A vulnerability has been found in code-projects Client Details System 1.0. This vulnerability affects unknown code of the file /welcome.php. Such manipulation leads to cross site scripting. The attack may be performed fr...Show more |
A vulnerability was found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The affected element is an unknown function of the file /dash/org/settings/previews of the component Account Setting Page. The manip...Show more |