Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,413)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-5994 1Yappa Ng 1Yappa Ng Apr 23, 2026 Nov 15, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the config[pa...Show more PHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the config[path_src_include] parameter.Show less
CVE-2007-5914 1Jean Charles 1Jbc Explorer Apr 23, 2026 Nov 10, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can...Show more Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2007-5913.Show less
CVE-2007-5741 1Plone 1Plone Apr 23, 2026 Nov 7, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module...Show more Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.Show less
CVE-2007-5845 1Guppy 1Guppy Apr 23, 2026 Nov 6, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged...Show more Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc.Show less
CVE-2007-5843 1Scwiki 1Scwiki Apr 23, 2026 Nov 6, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in includes/common.php in scWiki 1.0 Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the pathdot parameter.
CVE-2007-5842 1Vortex Portal 1Vortex Portal Apr 23, 2026 Nov 6, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1.0.42 allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter to (1) admincp/auth/secure.php or (2) admincp/auth/che...Show more Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1.0.42 allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter to (1) admincp/auth/secure.php or (2) admincp/auth/checklogin.php.Show less
CVE-2007-5841 1Nuboard 1Nuboard Apr 23, 2026 Nov 6, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in admin/index.php in nuBoard 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
CVE-2007-5840 1Syndeocms 1Syndeocms Apr 23, 2026 Nov 6, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.inc.php in Fred Stuurman SyndeoCMS 2.5.01 allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter, a different vector t...Show more PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.inc.php in Fred Stuurman SyndeoCMS 2.5.01 allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter, a different vector than CVE-2006-4920.2.Show less
CVE-2007-5837 1Yarssr 1Yarssr Apr 23, 2026 Nov 5, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed.
CVE-2007-5822 1Scribe 1Scribe Apr 23, 2026 Nov 5, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action...Show more Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php.Show less
CVE-2007-5800 1Tom Willmot 1Backupwordpress Plugin Apr 23, 2026 Nov 3, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) p...Show more Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3) Writer.php, (4) Reader.php, and other unspecified scripts under plugins/BackUp/Archive/.Show less
CVE-2007-5786 1A Enterprise 1Gosamba Apr 23, 2026 Nov 1, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe.php, (3) inc_freigab...Show more Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe.php, (3) inc_freigabe1.php, or (4) inc_freigabe3.php in include/; (5) inc_group.php; (6) inc_manager.php; (7) inc_newgroup.php; (8) inc_smb_conf.php; (9) inc_user.php; or (10) main.php.Show less
CVE-2007-5785 1Jobsiteprofessional 1Jobsite Professional Apr 23, 2026 Nov 1, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in file.php in JobSite Professional 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-5784 1Caupo.net 1Cauposhop Pro Apr 23, 2026 Nov 1, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
CVE-2007-5783 1Emagic Cms 1Emagic Cms.net Apr 23, 2026 Nov 1, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter.
CVE-2007-5781 1Sige 1Sige Apr 23, 2026 Nov 1, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYS_PATH parameter.
CVE-2007-5780 1Telematic Lab 1Teatro Apr 23, 2026 Nov 1, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in pub/pub08_comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
CVE-2007-5775 1Bitdefender 3Antivirus Internet SecurityTotal Security Apr 23, 2026 Nov 1, 2007 N/A· v4 9.8 CRITICAL· v3 9.3 HIGH· v2 Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable infor...Show more Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.Show less
CVE-2007-5772 1Flatnuke3 1Flatnuke3 Apr 23, 2026 Nov 1, 2007 N/A· v4 N/A· v3 6.0 MEDIUM· v2 Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by sav...Show more Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote attackers can exploit this by leveraging a cookie manipulation issue.Show less
CVE-2007-5754 1Phpfaber 1Urlinn Apr 23, 2026 Oct 31, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in urlinn_includes/config.php in phpFaber URLInn 2.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the dir_ws parameter.

Previous 1...295296297...321 Next