Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,413)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-5737 1Ghlab 1Korean Ghboard Apr 23, 2026 Oct 30, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Unrestricted file upload vulnerability in component/upload.jsp in Korean GHBoard allows remote attackers to upload arbitrary files via unspecified vectors, probably involving a direct request.
CVE-2007-5733 1Japanese Php Gallery Hosting 1Japanese Php Gallery Hosting Apr 23, 2026 Oct 30, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Unrestricted file upload vulnerability in upload/upload.php in Japanese PHP Gallery Hosting, when Open directory mode is enabled, allows remote attackers to upload and execute arbitrary PHP code via a ServerPath paramete...Show more Unrestricted file upload vulnerability in upload/upload.php in Japanese PHP Gallery Hosting, when Open directory mode is enabled, allows remote attackers to upload and execute arbitrary PHP code via a ServerPath parameter specifying a filename with a double extension. NOTE: some of these details are obtained from third party information.Show less
CVE-2007-5721 1Myspacepros 1Myspace Resource Script Apr 23, 2026 Oct 30, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in _theme/breadcrumb.php in MySpacePros MySpace Resource Script (MSRS) 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the rootBase parameter.
CVE-2007-5720 1Profilecms 1Profilecms Apr 23, 2026 Oct 30, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Unrestricted file upload vulnerability in the profiles script in ProfileCMS 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving creation of a profile.
CVE-2007-5705 1Jeeblestechnology 1Jeebles Directory Apr 23, 2026 Oct 29, 2007 N/A· v4 N/A· v3 6.0 MEDIUM· v2 Unspecified vulnerability in the Settings component in the administration system in Jeebles Directory 2.9.60 allows remote authenticated administrators to execute arbitrary PHP code via unspecified vectors related to set...Show more Unspecified vulnerability in the Settings component in the administration system in Jeebles Directory 2.9.60 allows remote authenticated administrators to execute arbitrary PHP code via unspecified vectors related to settings.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2007-5697 1Phpimage 1Php Image Apr 23, 2026 Oct 29, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in PHP Image 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the xarg parameter to (1) xarg_corner.php, (2) xarg_corner_bottom.php, and (3) xarg_co...Show more Multiple PHP remote file inclusion vulnerabilities in PHP Image 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the xarg parameter to (1) xarg_corner.php, (2) xarg_corner_bottom.php, and (3) xarg_corner_top.php.Show less
CVE-2007-5696 1Phpbasic 1Phpbasic Apr 23, 2026 Oct 29, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in includes.php in phpBasic allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, possibly related to the Music module.
CVE-2007-5693 1Sitebar 1Sitebar Apr 23, 2026 Oct 29, 2007 N/A· v4 N/A· v3 6.0 MEDIUM· v2 Eval injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerabil...Show more Eval injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492.Show less
CVE-2007-5676 1Futurenuke 1Platinum Apr 23, 2026 Oct 24, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in modules/Forums/favorites.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary PHP code via a URL in the nuke_bb_root_path parameter.
CVE-2007-5641 1Phppm 1Php Project Management Apr 23, 2026 Oct 23, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the full_path parameter to (1) certinfo/index.php, (2) ema...Show more Multiple PHP remote file inclusion vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the full_path parameter to (1) certinfo/index.php, (2) emails/index.php, (3) events/index.php, (4) fax/index.php, (5) files/index.php, (6) files/list.php, (7) groupadm/index.php, (8) history/index.php, (9) info/index.php, (10) log/index.php, (11) mail/index.php, (12) messages/index.php, (13) organizations/index.php, (14) phones/index.php, (15) presence/index.php, (16) projects/index.php, (17) projects/summary.inc.php, (18) projects/list.php, (19) reports/index.php, (20) search/index.php, (21) snf/index.php, (22) syslog/index.php, (23) tasks/searchsimilar.php, (24) tasks/index.php, (25) tasks/summary.inc.php, and (26) useradm/index.php in modules; (27) /ajax/loadsplash.php; (28) /blocks/birthday.php; (29) /blocks/events.php; and (30) /blocks/help.php.Show less
CVE-2007-5631 1Peopleaggregator 1Peopleaggregator Apr 23, 2026 Oct 23, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the current_blockmodule_path parameter t...Show more Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the current_blockmodule_path parameter to (1) AudiosMediaGalleryModule/AudiosMediaGalleryModule.php, (2) ImagesMediaGalleryModule/ImagesMediaGalleryModule.php, (3) MembersFacewallModule/MembersFacewallModule.php, (4) NewestGroupsModule/NewestGroupsModule.php, (5) UploadMediaModule/UploadMediaModule.php, and (6) VideosMediaGalleryModule/VideosMediaGalleryModule.php in BetaBlockModules/; and (7) the path_prefix parameter to several components.Show less
CVE-2007-5628 1Towels 1Towels Apr 23, 2026 Oct 23, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in src/scripture.php in The Online Web Library Site (TOWels) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the pageHeaderFile parameter.
CVE-2007-5627 1Socketmail 1Socketmail Apr 23, 2026 Oct 23, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in content/fnc-readmail3.php in SocketMail 2.2.8 allows remote attackers to execute arbitrary PHP code via a URL in the __SOCKETMAIL_ROOT parameter.
CVE-2007-5600 1Artmedic Webdesign 1Artmedic Cms Apr 23, 2026 Oct 19, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftps, (3) ssh2.sftp, or (4) ssh2.scp URL, in th...Show more Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftps, (3) ssh2.sftp, or (4) ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https, and ftp URLs.Show less
CVE-2007-5599 1Awrate 1Awrate Apr 23, 2026 Oct 19, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) 404.php or (2) topbar.php, different vectors than CVE-2006-63...Show more Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) 404.php or (2) topbar.php, different vectors than CVE-2006-6368.Show less
CVE-2007-5593 2Drupal Fedoraproject 2Drupal Fedora Apr 23, 2026 Oct 19, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.
CVE-2007-5592 1Awzmb 1Awzmb Apr 23, 2026 Oct 19, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2 beta 1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Setting[OPT_includepath] parameter to (1) adminhelp.php; and (2) ad...Show more Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2 beta 1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Setting[OPT_includepath] parameter to (1) adminhelp.php; and (2) admin.incl.php, (3) reg.incl.php, (4) help.incl.php, (5) gbook.incl.php, and (6) core/core.incl.php in modules/.Show less
CVE-2007-5574 1Phpdj 1Phpdj Apr 23, 2026 Oct 18, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2007-5573 1Limesurvey 1Limesurvey Apr 23, 2026 Oct 18, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
CVE-2007-5567 1Galmeta 1Galmeta Post Apr 23, 2026 Oct 18, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in _lib/fckeditor/upload_config.php in Galmeta Post 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the DDS parameter.

Previous 1...296297298...321 Next