Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,413)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-0382 1Mybulletinboard 1Mybulletinboard Apr 23, 2026 Jan 22, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
CVE-2008-0376 1Softpedia 1Small Axe Weblog Apr 23, 2026 Jan 22, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfile parameter.
CVE-2008-0302 1Debian 1Apt Listchanges Apr 23, 2026 Jan 17, 2008 N/A· v4 N/A· v3 7.2 HIGH· v2 Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory.
CVE-2008-0289 1Mansion Productions 1Member Area System Apr 23, 2026 Jan 16, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector migh...Show more PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter. NOTE: as of 20080118, the vendor has disputed the set of affected versions, stating that the issue "is already fixed, for almost a year."Show less
CVE-2008-0287 1Visionburst 1Vcart Apr 23, 2026 Jan 16, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php.
CVE-2008-0283 1Domphp 1Domphp Apr 23, 2026 Jan 15, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2008-0251 1Photopost 1Photopost Vbgallery Apr 23, 2026 Jan 12, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors.
CVE-2008-0235 1Microsoft 1Vfp Ole Server Activex Control Apr 23, 2026 Jan 11, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by invoking the foxcommand method.
CVE-2008-0230 1Osdate 1Osdate Apr 23, 2026 Jan 11, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via a URL in the php121dir parameter.
CVE-2008-0222 1Wordpress 1Filemanager Apr 23, 2026 Jan 10, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors.
CVE-2007-6678 - - Nov 7, 2023 Jan 10, 2008 N/A· v4 N/A· v3 N/A· v2 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6167. Reason: This candidate is a duplicate of CVE-2007-6167. Notes: All CVE users should reference CVE-2007-6167 instead of this candidate. All...Show more Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6167. Reason: This candidate is a duplicate of CVE-2007-6167. Notes: All CVE users should reference CVE-2007-6167 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usageShow less
CVE-2008-0202 1Expressionengine 1Expressionengine Apr 23, 2026 Jan 10, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.
CVE-2008-0143 1Spacial Audio Solutions 2Sam Broadcaster Samphpweb Apr 23, 2026 Jan 8, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parame...Show more PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter.Show less
CVE-2007-6657 1Mihalism 1Multi Host Apr 23, 2026 Jan 4, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in source/includes/load_forum.php in Mihalism Multi Forum Host 3.0.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mfh_root_path parameter.
CVE-2007-6655 1Matpo Bilder Galerie 1Kontakt Formular Apr 23, 2026 Jan 4, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
CVE-2007-6652 1Xcms 1Xcms Apr 23, 2026 Jan 4, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter...Show more cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer).Show less
CVE-2007-6649 1Matpo Bilder Galerie 1Matpo Bilder Galerie Apr 23, 2026 Jan 4, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter.
CVE-2007-6632 1Xml2owl 1Xml2owl Apr 23, 2026 Jan 4, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter.
CVE-2007-6615 1Agares Media 1Phpautovideo Apr 23, 2026 Jan 3, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Directory traversal vulnerability in includes/block.php in Agares Media phpAutoVideo 2.21 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the selected_provider pa...Show more Directory traversal vulnerability in includes/block.php in Agares Media phpAutoVideo 2.21 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the selected_provider parameter.Show less
CVE-2007-6614 1Agares Media 1Phpautovideo Apr 23, 2026 Jan 3, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in admin/frontpage_right.php in Agares Media phpAutoVideo 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter, a related issue to CV...Show more PHP remote file inclusion vulnerability in admin/frontpage_right.php in Agares Media phpAutoVideo 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter, a related issue to CVE-2007-6542.Show less

Previous 1...292293294...321 Next