Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,410)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-1171 1Phpbb 1123 Flash Chat Module Apr 23, 2026 Mar 5, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) 123flashchat.php and (2) ph...Show more Multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) 123flashchat.php and (2) phpbb_login_chat.php. NOTE: CVE disputes this issue because $phpbb_root_path is explicitly set to "./" in both programsShow less
CVE-2008-1170 1Kcwiki 1Kcwiki Apr 23, 2026 Mar 5, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php.
CVE-2008-1136 1Synce 1Synce Apr 23, 2026 Mar 4, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679.
CVE-2008-1128 1Phpmytourney 1Phpmytourney Apr 23, 2026 Mar 3, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in tourney/index.php in phpMyTourney 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2008-1126 1Barryvan Compo 1Barryvan Compo Manager Apr 23, 2026 Mar 3, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in main.php in Barryvan Compo Manager 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the pageURL parameter.
CVE-2008-1124 1Podcast Generator 1Podcast Generator Apr 23, 2026 Mar 3, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to (1) components/xmlparser/loadp...Show more Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to (1) components/xmlparser/loadparser.php; (2) admin.php, (3) categories.php, (4) categories_add.php, (5) categories_remove.php, (6) edit.php, (7) editdel.php, (8) ftpfeature.php, (9) login.php, (10) pgRSSnews.php, (11) showcat.php, and (12) upload.php in core/admin/; and (13) archive_cat.php, (14) archive_nocat.php, and (15) recent_list.php in core/.Show less
CVE-2008-1123 1Sitebuilder 1Sitebuilder Elite Apr 23, 2026 Mar 3, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in SiteBuilder Elite 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the CarpPath parameter to (1) files/carprss.php and (2) files/amazon-bestselle...Show more Multiple PHP remote file inclusion vulnerabilities in SiteBuilder Elite 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the CarpPath parameter to (1) files/carprss.php and (2) files/amazon-bestsellers.php.Show less
CVE-2008-1081 1Opera 1Opera Browser Apr 23, 2026 Feb 29, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties.
CVE-2008-1074 1Group E 1Group E Apr 23, 2026 Feb 29, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in lib/head_auth.php in GROUP-E 1.6.41 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[PREPEND_FILE] parameter.
CVE-2008-1069 1Quantum Game Library 1Quantum Game Library Apr 23, 2026 Feb 28, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in Quantum Game Library 0.7.2c allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) server_request.php and (2) qlib/sm...Show more Multiple PHP remote file inclusion vulnerabilities in Quantum Game Library 0.7.2c allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) server_request.php and (2) qlib/smarty.inc.php.Show less
CVE-2008-1068 1Portail Web Php 1Portail Web Php Apr 23, 2026 Feb 28, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.php, (2) Noir/index.ph...Show more Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.php, (2) Noir/index.php, and (3) Bleu/index.php in template/, different vectors than CVE-2008-0645.Show less
CVE-2008-1067 1Phpqladmin 1Phpqladmin Apr 23, 2026 Feb 28, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[path] parameter to (1) ezmlm.php and (2) tools/update_translations.php...Show more Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[path] parameter to (1) ezmlm.php and (2) tools/update_translations.php.Show less
CVE-2008-1060 1Wordpress 1Sniplets Plugin Apr 23, 2026 Feb 28, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter.
CVE-2008-1059 1Wordpress 1Sniplets Plugin Apr 23, 2026 Feb 28, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.
CVE-2008-1051 1Phpprofiles 1Phpprofiles Apr 23, 2026 Feb 27, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in include/body_comm.inc.php in phpProfiles 4.5.2 BETA allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
CVE-2008-1046 1Quinsonnas 1Quinsonnas Mail Checker Apr 23, 2026 Feb 27, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in footer.php in Quinsonnas Mail Checker 1.55 allows remote attackers to execute arbitrary PHP code via a URL in the op[footer_body] parameter.
CVE-2008-1043 1Linux Web Shop 1Php User Base Apr 23, 2026 Feb 27, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter.
CVE-2008-1038 1Drbenhur.com 1Dbhcms Apr 23, 2026 Feb 27, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in mod/mod.extmanager.php in DBHcms 1.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the extmanager_install parameter.
CVE-2008-0858 2Kerio Visnetic 2Kerio Mailserver Visnetic Antivirus Plug In For Mail Server Apr 23, 2026 Feb 21, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2008-0804 1Thecus 1N5200pro Nas Server Control Panel Apr 23, 2026 Feb 19, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote attackers to execute arbitrary PHP code via a URL in the name parameter.

Previous 1...289290291...321 Next