Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,413)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-5362 3Ag Solutions JoomlaMambo 3Joomla MamboMosmedia Lite Apr 23, 2026 Oct 11, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mos...Show more Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2.Show less
CVE-2007-5321 1Verlihub Project 1Verlihub Control Panel Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Directory traversal vulnerability in index.php in Verlihub Control Panel (VHCP) 1.7 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter.
CVE-2007-4466 1Electronic Arts 1Snoopyctrl Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCtrl ActiveX control (NPSnpy.dll) allow remote attackers to execute arbitrary code via unspecified methods and parameters.
CVE-2007-3899 1Microsoft 2Office Word Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corrupt...Show more Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."Show less
CVE-2007-3892 1Microsoft 1Internet Explorer Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826.
CVE-2007-2217 1Kodak 1Image Viewer Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonst...Show more Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.Show less
CVE-2007-5315 1Softpedia 1Livealbum Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the livealbum_dir parameter.
CVE-2007-5314 1Xkiosk 1Xkiosk Web Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in system/funcs/xkurl.php in xKiosk WEB 3.0.1i, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PEARPATH parameter.
CVE-2007-5313 1Script Solution.de 1Picturesolution Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in install/config.php in Picturesolution 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2007-5310 2Joomla Webmaster Tips.net 2Flash Image Gallery Joomla Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the...Show more PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.Show less
CVE-2007-5309 2Joomla Webmaster Tips.net 2Flash Image Gallery Joomla Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in...Show more PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.Show less
CVE-2007-5307 1Yannick Tanguy 1Else If Cms Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP...Show more ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in ELSEIF CMS.Show less
CVE-2007-5305 1Yannick Tanguy 1Else If Cms Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire...Show more Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire parameter to (b) votes.php, (c) espaceperso.php, (d) enregistrement.php, (e) commentaire.php, and (f) coeurusr.php in utilisateurs/, and (g) articles/fonctions.php and (h) depot/fonctions.php in moduleajouter/; the (3) corpsdesign parameter to (i) articles/usrarticles.php and (j) depot/usrdepot.php in moduleajouter/; and possibly other files.Show less
CVE-2007-5298 1Creamotion 1Creamotion Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion allow remote attackers to execute arbitrary PHP code via a URL in the cfg[document_uri] parameter to (1) _administration/securite.php and (2) _administ...Show more Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion allow remote attackers to execute arbitrary PHP code via a URL in the cfg[document_uri] parameter to (1) _administration/securite.php and (2) _administration/gestion_configurations/save_config.php.Show less
CVE-2007-5295 1Wikepage 1Opus Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in index.php in (a) Wikepage Opus 13 2007.2 and (b) TipiWiki 2 allow remote attackers to inject arbitrary web script or HTML via the (1) PageContent and (2) PageName pa...Show more Multiple cross-site scripting (XSS) vulnerabilities in index.php in (a) Wikepage Opus 13 2007.2 and (b) TipiWiki 2 allow remote attackers to inject arbitrary web script or HTML via the (1) PageContent and (2) PageName parameters.Show less
CVE-2007-5294 1Idmos 1Idmos Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0-beta (aka Phoenix) allows remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter.
CVE-2007-5271 1Trionic 1Cite Cms Apr 23, 2026 Oct 8, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS 1.2 rev9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the bField[bf_data] parameter to (1) interface/editors/-custom...Show more Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS 1.2 rev9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the bField[bf_data] parameter to (1) interface/editors/-custom.php or (2) interface/editors/custom.php.Show less
CVE-2007-5234 1Ossigeno 1Ossigeno Apr 23, 2026 Oct 5, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in upload/common/footer.php in Ossigeno CMS 2.2 alpha3 allows remote attackers to execute arbitrary PHP code via a URL in the level parameter.
CVE-2007-5224 1Jimmac 1Original Photo Gallery Apr 23, 2026 Oct 5, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows remote attackers to execute arbitrary programs via the exif_prog parameter, which is specified in an exec function call.
CVE-2007-5221 1Poppawid 1Poppawid Apr 23, 2026 Oct 5, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in mail/childwindow.inc.php in Poppawid 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the form parameter.

Previous 1...298299300...321 Next