Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,510)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-13076 1Phpgurukul 1Land Record System Jun 17, 2026 Dec 31, 2024 5.3 MEDIUM· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability, which was classified as problematic, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file /admin/edit-propertytype.php. The manipulation of the argu...Show more A vulnerability, which was classified as problematic, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file /admin/edit-propertytype.php. The manipulation of the argument Property Type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-13075 1Phpgurukul 1Land Record System Jun 17, 2026 Dec 31, 2024 5.3 MEDIUM· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability classified as problematic was found in PHPGurukul Land Record System 1.0. This vulnerability affects unknown code of the file /admin/add-propertytype.php. The manipulation of the argument Land Property Ty...Show more A vulnerability classified as problematic was found in PHPGurukul Land Record System 1.0. This vulnerability affects unknown code of the file /admin/add-propertytype.php. The manipulation of the argument Land Property Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-13074 1Phpgurukul 1Land Record System Jun 17, 2026 Dec 31, 2024 5.3 MEDIUM· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument searchdata leads to cross site scriptin...Show more A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-13069 1Rems 1Multi Role Login System Jun 17, 2026 Dec 31, 2024 5.3 MEDIUM· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in SourceCodester Multi Role Login System 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/add-user.php. The manipulation of the argument name le...Show more A vulnerability was found in SourceCodester Multi Role Login System 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/add-user.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-13034 1Code Projects 1Chat System Jun 17, 2026 Dec 30, 2024 5.3 MEDIUM· v4 7.6 HIGH· v3 4.0 MEDIUM· v2 A vulnerability, which was classified as problematic, was found in code-projects Chat System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument name leads to cross site...Show more A vulnerability, which was classified as problematic, was found in code-projects Chat System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-13033 1Code Projects 1Chat System Jun 17, 2026 Dec 30, 2024 5.3 MEDIUM· v4 6.1 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability, which was classified as problematic, has been found in code-projects Chat System 1.0. Affected by this issue is some unknown functionality of the file /admin/chatroom.php. The manipulation of the argumen...Show more A vulnerability, which was classified as problematic, has been found in code-projects Chat System 1.0. Affected by this issue is some unknown functionality of the file /admin/chatroom.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-13031 1Antabot 1White Jotter Jun 17, 2026 Dec 30, 2024 5.1 MEDIUM· v4 4.8 MEDIUM· v3 3.3 LOW· v2 A vulnerability classified as problematic has been found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/editor of the component Article Content Editor. The manipulation le...Show more A vulnerability classified as problematic has been found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/editor of the component Article Content Editor. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-13023 1Phpgurukul 1Maid Hiring Management System Jun 17, 2026 Dec 29, 2024 5.1 MEDIUM· v4 6.1 MEDIUM· v3 3.3 LOW· v2 A vulnerability has been found in PHPGurukul Maid Hiring Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/search-maid.php of the component Search Maid Page....Show more A vulnerability has been found in PHPGurukul Maid Hiring Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/search-maid.php of the component Search Maid Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-13021 1Rems 1Road Accident Map Marker Jun 17, 2026 Dec 29, 2024 5.3 MEDIUM· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability, which was classified as problematic, has been found in SourceCodester Road Accident Map Marker 1.0. Affected by this issue is some unknown functionality of the file /endpoint/add-mark.php. The manipulati...Show more A vulnerability, which was classified as problematic, has been found in SourceCodester Road Accident Map Marker 1.0. Affected by this issue is some unknown functionality of the file /endpoint/add-mark.php. The manipulation of the argument mark_name/details leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.Show less
CVE-2024-13019 1Code Projects 1Chat System Jun 17, 2026 Dec 29, 2024 5.3 MEDIUM· v4 4.6 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability classified as problematic has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/update_room.php of the component Chat Room Page. The manipulation of the argum...Show more A vulnerability classified as problematic has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/update_room.php of the component Chat Room Page. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely.Show less
CVE-2024-13018 1Phpgurukul 1Maid Hiring Management System Jun 17, 2026 Dec 29, 2024 5.1 MEDIUM· v4 6.1 MEDIUM· v3 3.3 LOW· v2 A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation of the argument nam...Show more A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely.Show less
CVE-2024-13017 1Phpgurukul 1Maid Hiring Management System Jun 17, 2026 Dec 29, 2024 5.1 MEDIUM· v4 6.1 MEDIUM· v3 3.3 LOW· v2 A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/aboutus.php of the component About Us Page. The m...Show more A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/aboutus.php of the component About Us Page. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely.Show less
CVE-2024-13015 1Phpgurukul 1Maid Hiring Management System Jun 17, 2026 Dec 29, 2024 5.1 MEDIUM· v4 6.1 MEDIUM· v3 3.3 LOW· v2 A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search-booking-request.php. The manipulatio...Show more A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search-booking-request.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely.Show less
CVE-2024-13013 1Phpgurukul 1Maid Hiring Management System Jun 17, 2026 Dec 29, 2024 5.1 MEDIUM· v4 6.1 MEDIUM· v3 3.3 LOW· v2 A vulnerability, which was classified as problematic, was found in PHPGurukul Maid Hiring Management System 1.0. Affected is an unknown function of the file /admin/contactus.php of the component Contact Us Page. The mani...Show more A vulnerability, which was classified as problematic, was found in PHPGurukul Maid Hiring Management System 1.0. Affected is an unknown function of the file /admin/contactus.php of the component Contact Us Page. The manipulation of the argument page title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-13012 1Fabian 1Hostel Management System Jun 17, 2026 Dec 29, 2024 5.3 MEDIUM· v4 6.1 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability, which was classified as problematic, has been found in code-projects Hostel Management System 1.0. This issue affects some unknown processing of the file /admin/registration.php. The manipulation of the...Show more A vulnerability, which was classified as problematic, has been found in code-projects Hostel Management System 1.0. This issue affects some unknown processing of the file /admin/registration.php. The manipulation of the argument fname/mname/lname leads to cross site scripting. The attack may be initiated remotely.Show less
CVE-2024-12238 1Ninjaforms 1Ninja Forms Jun 17, 2026 Dec 29, 2024 N/A· v4 6.3 MEDIUM· v3 N/A· v2 The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing us...Show more The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.Show less
CVE-2024-12998 1Fabian 1Online Car Rental System Jun 17, 2026 Dec 28, 2024 6.9 MEDIUM· v4 6.1 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability, which was classified as problematic, was found in code-projects Online Car Rental System 1.0. This affects an unknown part of the file /index.php of the component GET Parameter Handler. The manipulation...Show more A vulnerability, which was classified as problematic, was found in code-projects Online Car Rental System 1.0. This affects an unknown part of the file /index.php of the component GET Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-12995 - - Jun 17, 2026 Dec 28, 2024 5.3 MEDIUM· v4 3.5 LOW· v3 4.0 MEDIUM· v2 A vulnerability classified as problematic has been found in ruifang-tech Rebuild 3.8.6. This affects an unknown part of the file /project/050-9000000000000001/tasks of the component Project Tasks Section. The manipulatio...Show more A vulnerability classified as problematic has been found in ruifang-tech Rebuild 3.8.6. This affects an unknown part of the file /project/050-9000000000000001/tasks of the component Project Tasks Section. The manipulation of the argument description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-50715 1Smarts Srl 1Smart Agent Jun 17, 2026 Dec 27, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via command injection through a vulnerable unsanitized parameter defined in the /youtubeInfo.php component.
CVE-2024-12991 - - Jun 17, 2026 Dec 27, 2024 5.3 MEDIUM· v4 3.5 LOW· v3 4.0 MEDIUM· v2 A vulnerability was found in Beijing Longda Jushang Technology DBShop商城系统 3.3 Release 231225. It has been declared as problematic. This vulnerability affects unknown code of the file /home-order. The manipulation of the...Show more A vulnerability was found in Beijing Longda Jushang Technology DBShop商城系统 3.3 Release 231225. It has been declared as problematic. This vulnerability affects unknown code of the file /home-order. The manipulation of the argument orderStatus with the input %22%3E%3Csvg%20onload=alert(5888)%3E leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less

Previous 1...117118119...326 Next