Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,455)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2002-2287 1Phpbb 1Advanced Quick Reply Hack Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in quick_reply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.
CVE-2002-2249 1Php Evolution 1News Evolution Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php.
CVE-2002-2019 1Oscommerce 1Oscommerce Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter.
CVE-2002-1991 1Oscommerce 1Oscommerce Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php.
CVE-2002-1753 1Cgiscript 1Csnews Professional Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
CVE-2002-1752 1Cgiscript 1Cschat R Box Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
CVE-2002-1750 1Cgiscript 1Csguestbook Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
CVE-2002-0495 1Cgiscript 1Cssearch Professional Apr 16, 2026 Aug 12, 2002 N/A· v4 N/A· v3 10.0 HIGH· v2 csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSea...Show more csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.Show less
CVE-2001-0308 1Bajie 1Java Http Server Apr 16, 2026 May 3, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a ... (modified ..) to acces...Show more UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a ... (modified ..) to access the file that was created for the program.Show less
CVE-2001-0307 1Bajie 1Java Http Server Apr 16, 2026 May 3, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist.
CVE-2000-0155 1Microsoft 3Windows 95 Windows 98Windows Nt Apr 16, 2026 Feb 18, 2000 N/A· v4 N/A· v3 7.2 HIGH· v2 Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive.
CVE-1999-0702 1Microsoft 1Internet Explorer Apr 16, 2026 Sep 10, 1999 N/A· v4 N/A· v3 10.0 HIGH· v2 Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.
CVE-1999-0891 1Microsoft 1Internet Explorer Apr 16, 2026 Sep 1, 1999 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.
CVE-1999-0491 1Gnu 1Bash Apr 16, 2026 Apr 20, 1999 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.
CVE-1999-0509 - - Apr 16, 2026 May 29, 1996 N/A· v4 N/A· v3 10.0 HIGH· v2 Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands.

Previous 1...319 320 321 322323