Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,413)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-5216 1E Ark 1E Ark Apr 23, 2026 Oct 4, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the cfg_vcard_path parameter to src/vcard_inc.php or (2) the cfg_phpmailer_path...Show more Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the cfg_vcard_path parameter to src/vcard_inc.php or (2) the cfg_phpmailer_path parameter to src/email_inc.php. NOTE: the ark_inc.php vector is already covered by CVE-2006-6086.Show less
CVE-2007-5215 1Jacob Hinkle 1Godsend Apr 23, 2026 Oct 4, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle GodSend 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the SCRIPT_DIR parameter to (1) gtk/main.inc.php or (2) cmdline.inc.php. N...Show more Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle GodSend 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the SCRIPT_DIR parameter to (1) gtk/main.inc.php or (2) cmdline.inc.php. NOTE: vector 2 is disputed by CVE because it is contained in unaccessible code, requiring that two undefined constants be equal.Show less
CVE-2007-5186 1Segue Cms 1Segue Cms Apr 23, 2026 Oct 3, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in index.php in Segue CMS 1.8.4 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter, a differ...Show more PHP remote file inclusion vulnerability in index.php in Segue CMS 1.8.4 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter, a different vector than CVE-2006-5497. NOTE: this issue was disputed, but the dispute was retracted after additional analysis.Show less
CVE-2007-5185 1Phpwcms Xt 1Phpwcms Xt Apr 23, 2026 Oct 3, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 BETA and earlier allow remote attackers to execute arbitrary PHP code via a URL in the HTML_MENU_DirPath parameter to (1) config_HTML_MENU.php and (2...Show more Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 BETA and earlier allow remote attackers to execute arbitrary PHP code via a URL in the HTML_MENU_DirPath parameter to (1) config_HTML_MENU.php and (2) config_PHPLM.php in phpwcms_template/inc_script/frontend_render/navigation/.Show less
CVE-2007-5178 1Mxbb 1Mx Glance Apr 23, 2026 Oct 3, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion...Show more contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mx_root_path parameter. NOTE: some sources incorrectly state that phpbb_root_path is the affected parameter.Show less
CVE-2007-5175 1Actsite 1Actsite Apr 23, 2026 Oct 3, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability lib/base.php in actSite 1.991 Beta allows remote attackers to execute arbitrary PHP code via a URL in the BaseCfg[BaseDir] parameter.
CVE-2007-5173 2Openid Phpbb 2Openid Phpbb Apr 23, 2026 Oct 3, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter.
CVE-2007-5167 1Phplister 1Phplister Apr 23, 2026 Oct 1, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in .systeme/fonctions.php in phpLister 0.5-pre2 allows remote attackers to execute arbitrary PHP code via a URL in the nom_rep_systeme parameter.
CVE-2007-5166 1Sitesys 1Sitesys Apr 23, 2026 Oct 1, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) inc/pagehead.inc.php or (2) inc/pageinit.inc.php.
CVE-2007-5165 1Myipacng Stats 1Myipacng Stats Apr 23, 2026 Oct 1, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in init.php in Jens Tkotz myIpacNG-stats (MINGS) 0.05 allows remote attackers to execute arbitrary PHP code via a URL in the MINGS_BASE parameter. NOTE: this issue is disputed by...Show more PHP remote file inclusion vulnerability in init.php in Jens Tkotz myIpacNG-stats (MINGS) 0.05 allows remote attackers to execute arbitrary PHP code via a URL in the MINGS_BASE parameter. NOTE: this issue is disputed by CVE because MINGS_BASE is defined before useShow less
CVE-2007-5164 1Universibo 1Universibo Apr 23, 2026 Oct 1, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in htmls/forum/includes/topic_review.php in UniversiBO 1.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue is...Show more PHP remote file inclusion vulnerability in htmls/forum/includes/topic_review.php in UniversiBO 1.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct requestShow less
CVE-2007-5163 1Nexty 1Nexty Apr 23, 2026 Oct 1, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in includes/functions/layout.php in Nexty 1.01.A Beta allows remote attackers to execute arbitrary PHP code via a URL in the rel parameter. NOTE: this issue is disputed by CVE bec...Show more PHP remote file inclusion vulnerability in includes/functions/layout.php in Nexty 1.01.A Beta allows remote attackers to execute arbitrary PHP code via a URL in the rel parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct requestShow less
CVE-2007-5160 1Restaurant Management System 1Restaurant Management System Apr 23, 2026 Oct 1, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche Restaurant Management System (ReMaSys) 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the DIR_ROOT parameter to (a) global....Show more Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche Restaurant Management System (ReMaSys) 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the DIR_ROOT parameter to (a) global.php, or the (2) DIR_PAGE parameter to (b) template/fr/page.php or (c) page/fr/boxConnection.php.Show less
CVE-2007-5157 2Php Fidonet Tosser Phpfidonode 2Php Fidonet Tosser Phpfidonode Apr 23, 2026 Oct 1, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in phfito-post.php in Alex Kocharin PHP Fidonet Tosser (PhFiTo) 1.3.0 in phpFidoNode allows remote attackers to execute arbitrary PHP code via a URL in the SRC_PATH parameter to ph...Show more PHP remote file inclusion vulnerability in phfito-post.php in Alex Kocharin PHP Fidonet Tosser (PhFiTo) 1.3.0 in phpFidoNode allows remote attackers to execute arbitrary PHP code via a URL in the SRC_PATH parameter to phfito-post.Show less
CVE-2007-5153 1Sun 2Java System Access Manager Java System Application Server Apr 23, 2026 Oct 1, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-5149 1North Country Public Radio 1Public Media Manager Apr 23, 2026 Oct 1, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in NewsCMS/news/newstopic_inc.php in North Country Public Radio Public Media Manager (PMM) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the indir paramete...Show more PHP remote file inclusion vulnerability in NewsCMS/news/newstopic_inc.php in North Country Public Radio Public Media Manager (PMM) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the indir parameter.Show less
CVE-2007-5148 1Frontaccounting 1Frontaccounting Apr 23, 2026 Oct 1, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/logout.php or certain PHP scripts...Show more Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/logout.php or certain PHP scripts under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, (7) purchasing/, (8) reporting/, (9) sales/, or (10) taxes/. NOTE: the config.php vector is already covered by CVE-2007-4279, and the login.php and language.php vectors are already covered by CVE-2007-5117. NOTE: this issue is disputed by CVE because path_to_root is defined before use in all of the other files reported in the original disclosureShow less
CVE-2007-5147 1Puzzle Apps Cms 1Puzzle Apps Cms Apr 23, 2026 Oct 1, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS 2.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the MODULEDIR parameter to (1) core/modules/my/my.module.php or (2) core/modul...Show more Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS 2.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the MODULEDIR parameter to (1) core/modules/my/my.module.php or (2) core/modules/xml/xml.module.php; the COREROOT parameter to (3) config.loader.php, (4) platform.loader.php, (5) core.loader.php, (6) person.loader.php, or (7) module.loader.php in core/ or (8) install/steps/step_3.php; or the THISDIR parameter to (9) people.lib.php, (10) general.lib.php, (11) content.lib.php, or (12) templates.lib.php in core/modules/admin/libs/ or (13) core/modules/webstat/MEC/index.php.Show less
CVE-2007-5146 1Der Dirigent 1Der Dirigent Apr 23, 2026 Oct 1, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in dedi-group Der Dirigent 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the dedi_path parameter to (1) inc.generate_code.php, (2) fnc.type_forms...Show more Multiple PHP remote file inclusion vulnerabilities in dedi-group Der Dirigent 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the dedi_path parameter to (1) inc.generate_code.php, (2) fnc.type_forms.php, or (3) fnc.type.php in backend/inc/, or (4) frontend.php or (5) backend.php in projekt01/cms/inc/; or (6) the this_dir parameter to backend/inc/class.filemanager.php. NOTE: vectors 4 and 5 are disputed by CVE because PHP encounters a fatal function-call error on a direct request for the file, before reaching the include statement.Show less
CVE-2007-5140 1Integramod 1Nederland Apr 23, 2026 Sep 28, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in IntegraMOD Nederland 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Previous 1...299300301...321 Next