Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,410)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-3402 1Hscripts 1Hiox Random Ad Apr 23, 2026 Jul 31, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php and (2) hioxstats.php.
CVE-2008-3401 1Hscripts 1Hiox Random Ad Apr 23, 2026 Jul 31, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
CVE-2008-3399 1Xrms 1Xrms Crm Apr 23, 2026 Jul 31, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory paramete...Show more PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.Show less
CVE-2008-3368 1Atutor 1Atutor Apr 23, 2026 Jul 30, 2008 N/A· v4 N/A· v3 6.5 MEDIUM· v2 PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter.
CVE-2008-3354 1Runcms 2Newbb Plus Module Runcms Apr 23, 2026 Jul 28, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls....Show more Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2008-3335 1Punbb 1Punbb Apr 23, 2026 Jul 27, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors.
CVE-2008-3332 1Mantis 1Mantis Apr 23, 2026 Jul 27, 2008 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
CVE-2008-3313 1Creacms 1Creacms Apr 23, 2026 Jul 25, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.p...Show more Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.php and the (2) cfg[base_uri_admin] parameter to _administration/fonctions/get_liste_langue.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2008-3311 1Adam Scheinberg 1Flip Apr 23, 2026 Jul 25, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter.
CVE-2008-3308 1Carlos Desseno 1Youtube Blog Apr 23, 2026 Jul 25, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog (ytb) 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_archivo par...Show more PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog (ytb) 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_archivo parameter.Show less
CVE-2008-3298 1Social Engine 1Social Engine Apr 23, 2026 Jul 25, 2008 N/A· v4 N/A· v3 6.0 MEDIUM· v2 SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code.
CVE-2008-3294 1Vim 1Vim Apr 23, 2026 Jul 24, 2008 N/A· v4 N/A· v3 3.7 LOW· v2 src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute ar...Show more src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.Show less
CVE-2008-3285 1Alain Barbet 1Filesys Smbclientparser Apr 23, 2026 Jul 24, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters.
CVE-2008-3246 2Blackberry Rim 7Blackberry Enterprise Server Blackberry Enterprise Server For DominoBlackberry Enterprise Server For Exchange+4 more Apr 23, 2026 Jul 21, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5)...Show more Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment.Show less
CVE-2008-3232 1Dotclear 1Dotclear Apr 23, 2026 Jul 18, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it...Show more Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images.Show less
CVE-2008-3207 1Pragyan 1Praygan Cms Apr 23, 2026 Jul 18, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) m...Show more PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter.Show less
CVE-2008-3198 1Mozilla 1Firefox Apr 23, 2026 Jul 17, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to...Show more Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933.Show less
CVE-2008-3183 1Gapi Cms 1Gapicms Apr 23, 2026 Jul 15, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in ktmlpro/includes/ktedit/toolbar.php in gapicms 9.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dirDepth parameter.
CVE-2008-3167 1Boonex 1Dolphin Apr 23, 2026 Jul 14, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSa...Show more Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin.Show less
CVE-2008-3166 1Boonex 1Ray Apr 23, 2026 Jul 14, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter...Show more PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter.Show less

Previous 1...282283284...321 Next