Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,455)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2004-1926 1Tiki 1Tikiwiki Cms/groupware Apr 16, 2026 Apr 11, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) De...Show more Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation.Show less
CVE-2003-1500 1Cpcommerce 1Cpcommerce Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter.
CVE-2003-1491 1Kerio 1Personal Firewall Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53.
CVE-2003-1459 1Ttcms 2Ttcms Ttforum Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php.
CVE-2003-1436 1Crossnuke 1Nukebrowser Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter.
CVE-2003-1432 1Epic Games 2Unreal Engine Unreal Tournament 2003 Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 10.0 HIGH· v2 Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated...Show more Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.Show less
CVE-2003-1412 1Gonicus 1Gonicus System Administration Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6depa...Show more PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.Show less
CVE-2003-1411 1Isoca 1Cedric Email Reader Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter.
CVE-2003-1410 1Isoca 1Cedric Email Reader Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter.
CVE-2003-1406 1Adalis Infomatique 1D Forum Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3...Show more PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3.Show less
CVE-2003-1385 1Invision Power Services 1Invision Power Board Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 6.8 MEDIUM· v2 ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains...Show more ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.Show less
CVE-2003-1253 1Sangwan Kim 1Bookmark4u Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php.
CVE-2003-1240 1Cutephp 1Cutenews Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php.
CVE-2003-1227 1Gallery Project 1Gallery Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASE...Show more PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation.Show less
CVE-2003-0498 1Intersystems 1Cache Database Apr 16, 2026 Aug 7, 2003 N/A· v4 N/A· v3 7.2 HIGH· v2 Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.
CVE-2003-0395 1Myupb 1Ultimate Php Board Apr 16, 2026 Jul 2, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administra...Show more Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php.Show less
CVE-2002-2319 1Mysimplenews 1Mysimplenews Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted into news.php3.
CVE-2002-2299 1Atthat.com 1Thatware Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in thatfile.php in Thatware 0.3 through 0.5.2 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
CVE-2002-2298 1Atthat.com 1Thatware Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
CVE-2002-2297 1Atthat.com 1Thatware Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.

Previous 1...319 320 321322323 Next