Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,409)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-5302 1Redaction System 1Redaction System Apr 23, 2026 Oct 17, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in Redaction System 1.0000 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_prefix parameter to (a) conn.php, (b) sesscheck.php, (c) wap/co...Show more Multiple PHP remote file inclusion vulnerabilities in Redaction System 1.0000 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_prefix parameter to (a) conn.php, (b) sesscheck.php, (c) wap/conn.php, or (d) wap/sesscheck.php, or the (2) lang parameter to (e) index.php.Show less
CVE-2006-5301 1Phpbb 1Spamblockermod Apr 23, 2026 Oct 17, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in includes/antispam.php in the SpamBlockerMODv 1.0.2 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5291 1Alex 1Downloadengine Apr 23, 2026 Oct 16, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analys...Show more PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition, so this issue is probably a duplicate of CVE-2006-4656.Show less
CVE-2006-5280 1Cuttlefish Multimedia Ltd. 1Leicestershire Communityportals Apr 23, 2026 Oct 13, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in includes/import-archive.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path...Show more PHP remote file inclusion vulnerability in includes/import-archive.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter.Show less
CVE-2006-5258 1Asbru Software 2Asbru Web Content Management Asbru Website Manager Apr 23, 2026 Oct 12, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 The spell checking component of (1) Asbru Web Content Management before 6.1.22, (2) Asbru Web Content Editor before 6.0.22, and (3) Asbru Website Manager before 6.0.22 allows remote attackers to execute arbitrary command...Show more The spell checking component of (1) Asbru Web Content Management before 6.1.22, (2) Asbru Web Content Editor before 6.0.22, and (3) Asbru Website Manager before 6.0.22 allows remote attackers to execute arbitrary commands via an unspecified parameter that is not sanitized before Aspell is invoked.Show less
CVE-2006-4696 1Microsoft 3Windows 2000 Windows 2003 ServerWindows Xp Apr 23, 2026 Oct 10, 2006 N/A· v4 N/A· v3 9.0 HIGH· v2 Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename V...Show more Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."Show less
CVE-2006-3877 1Microsoft 14Access ExcelExcel Viewer+11 more Apr 23, 2026 Oct 10, 2006 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted...Show more Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.Show less
CVE-2006-3864 1Microsoft 3Office ProjectVisio Apr 23, 2026 Oct 10, 2006 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .D...Show more Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.Show less
CVE-2006-3650 1Microsoft 1Office Apr 23, 2026 Oct 10, 2006 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedde...Show more Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.Show less
CVE-2006-3876 1Microsoft 1Office Apr 23, 2026 Oct 10, 2006 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record i...Show more Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.Show less
CVE-2006-3435 1Microsoft 1Office Apr 23, 2026 Oct 10, 2006 N/A· v4 N/A· v3 9.3 HIGH· v2 PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted...Show more PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.Show less
CVE-2006-5220 1Objective Development 1Webyep Apr 23, 2026 Oct 10, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ dir...Show more Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php.Show less
CVE-2006-5191 1Phpbb 1Phpbb Apr 23, 2026 Oct 10, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 PHP remote file inclusion vulnerability in includes/functions_static_topics.php in the Nivisec Static Topics module for phpBB 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_r...Show more PHP remote file inclusion vulnerability in includes/functions_static_topics.php in the Nivisec Static Topics module for phpBB 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.Show less
CVE-2006-4812 1Php 1Php Apr 23, 2026 Oct 10, 2006 N/A· v4 N/A· v3 10.0 HIGH· v2 Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which trigge...Show more Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).Show less
CVE-2006-5101 1Comdev 1Comdev Csv Importer Apr 23, 2026 Oct 3, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ...Show more PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected.Show less
CVE-2006-5093 1Paul Schudar 1Tagmin Control Center Apr 23, 2026 Sep 29, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in index.php in Tagmin Control Center in TagIt! Tagboard 2.1.B Build 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2006-5055 1Forum One 1Syntaxcms Apr 23, 2026 Sep 28, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in admin/testing/tests/0004_init_urls.php in syntaxCMS 1.1.1 through 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the init_path parameter.
CVE-2006-5048 1Waltercedric 1Com Securityimages Apr 23, 2026 Sep 27, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path...Show more Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php, (2) lang.php, (3) client.php, and (4) server.php.Show less
CVE-2006-5045 1Joomlaxt 1Com Pollxt Apr 23, 2026 Sep 27, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and earlier for Joomla! has unspecified impact and attack vectors, probably related to PHP remote file inclusion in the mosConfig_absolute_path to conf.p...Show more Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and earlier for Joomla! has unspecified impact and attack vectors, probably related to PHP remote file inclusion in the mosConfig_absolute_path to conf.pollxt.php.Show less
CVE-2006-5043 1Joomlaboard 1Joomlaboard Apr 23, 2026 Sep 27, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1)...Show more Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528.Show less

Previous 1...310311312...321 Next