Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,413)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-6296 1Phpmychat 1Phpmychat Apr 23, 2026 Dec 10, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter.
CVE-2007-6289 1Iptel 1Serweb Apr 23, 2026 Dec 10, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[fun...Show more Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3) _PHPLIB[libdir] parameter to load_phplib.php, different vectors than CVE-2007-3359 and CVE-2007-3358.Show less
CVE-2007-4575 1Openoffice 1Openoffice Apr 23, 2026 Dec 6, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."
CVE-2007-5615 1Mortbay Jetty 1Jetty Apr 23, 2026 Dec 5, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2007-6231 1Tellmatic 1Tellmatic Apr 23, 2026 Dec 4, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) stat...Show more Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.Show less
CVE-2007-6229 1Rayzz 1Rayzz Script Apr 23, 2026 Dec 4, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[site][project_path] parameter.
CVE-2007-6191 1Pmapper 1P.mapper Apr 23, 2026 Nov 30, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PM_INCPHP] parameter to (1) incphp/globals.php or (2)...Show more Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PM_INCPHP] parameter to (1) incphp/globals.php or (2) plugins/export/mc_table.php. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in p.mapper.Show less
CVE-2007-6177 1Php Con 1Php Con Apr 23, 2026 Nov 30, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter.
CVE-2007-6147 1Iaprcommence 1Iapr Commence Apr 23, 2026 Nov 27, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (a) php_root_path and sometimes the (b) privilege_root_path parameter to vario...Show more Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (a) php_root_path and sometimes the (b) privilege_root_path parameter to various PHP scripts under (1) admin/includes/, (2) admin/phase/, (3) includes/, (4) includes/page_includes/, (5) reviewer/includes/, (6) reviewer/phase/, and (7) user/phase/.Show less
CVE-2007-6139 1Mp3 1Toolbox Apr 23, 2026 Nov 27, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file parameter.
CVE-2007-6105 1Talkback 1Talkback Apr 23, 2026 Nov 23, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separa...Show more Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] parameter to comments-display-tpl.php.Show less
CVE-2007-6089 1Mebiblio 1Mebiblio Apr 23, 2026 Nov 22, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
CVE-2007-6088 1Phpbbviet 1Phpbbviet Apr 23, 2026 Nov 22, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBBViet 02.03.07 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-6082 1Sciurus 1Sciurus Hosting Panel Apr 23, 2026 Nov 22, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by acces...Show more Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php.Show less
CVE-2007-6057 1Datecomm 1Social Networking Script Apr 23, 2026 Nov 20, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter.
CVE-2007-6042 1Swsoft 1Confixx Professional Apr 23, 2026 Nov 20, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft Confixx Professional 3.2.1 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance of this in...Show more PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft Confixx Professional 3.2.1 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2007-6038 1Joomlaequipment 1Juser Apr 23, 2026 Nov 20, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in xajax_functions.php in the JUser (com_juser) 1.0.14 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path paramete...Show more PHP remote file inclusion vulnerability in xajax_functions.php in the JUser (com_juser) 1.0.14 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.Show less
CVE-2007-6029 1Clam Anti Virus 1Clamav Apr 23, 2026 Nov 20, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information s...Show more Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.Show less
CVE-2007-6027 1Justjoomla 1Carousel Flash Image Gallery Apr 23, 2026 Nov 20, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in admin.jjgallery.php in the Carousel Flash Image Gallery (com_jjgallery) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_ab...Show more PHP remote file inclusion vulnerability in admin.jjgallery.php in the Carousel Flash Image Gallery (com_jjgallery) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.Show less
CVE-2007-5995 1Php Tools 1Patbbcode Apr 23, 2026 Nov 15, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter.

Previous 1...294295296...321 Next