Vulnerabilities (CVE)

Filtered by CWE-94
Total 3677 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25197 1 Ge 6 Rt430, Rt430 Firmware, Rt431 and 3 more 2024-11-21 9.0 HIGH 9.8 CRITICAL
A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system.
CVE-2020-24628 1 Hpe 2 Kvm Ip Console Switch G2, Kvm Ip Console Switch G2 Firmware 2024-11-21 6.5 MEDIUM 8.8 HIGH
A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3.
CVE-2020-23219 1 Monstra 1 Monstra Cms 2024-11-21 6.5 MEDIUM 8.8 HIGH
Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module.
CVE-2020-23037 1 Portable 1 Playable 2024-11-21 7.5 HIGH 9.8 CRITICAL
Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.
CVE-2020-22937 1 Phome 1 Empirecms 2024-11-21 7.5 HIGH 9.8 CRITICAL
A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file.
CVE-2020-22612 1 Mybb 1 Mybb 2024-11-21 N/A 9.8 CRITICAL
Installer RCE on settings file write in MyBB before 1.8.22.
CVE-2020-22201 1 Phpcms 1 Phpcms 2024-11-21 6.5 MEDIUM 8.8 HIGH
phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php.
CVE-2020-22120 1 Txjia 1 Imcat 2024-11-21 6.5 MEDIUM 8.8 HIGH
A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.
CVE-2020-21784 1 Phpwcms 1 Phpwcms 2024-11-21 7.5 HIGH 9.8 CRITICAL
phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php.
CVE-2020-21652 1 Myucms Project 1 Myucms 2024-11-21 7.5 HIGH 9.8 CRITICAL
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method.
CVE-2020-21651 1 Myucms Project 1 Myucms 2024-11-21 7.5 HIGH 9.8 CRITICAL
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method.
CVE-2020-21650 1 Myucms Project 1 Myucms 2024-11-21 6.5 MEDIUM 8.8 HIGH
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method.
CVE-2020-20918 1 Pluck-cms 1 Pluck 2024-11-21 N/A 7.2 HIGH
An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page.
CVE-2020-20601 1 Thinkcmf 1 Thinkcmf 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.
CVE-2020-20298 1 Zzzcms 1 Zzzphp 2024-11-21 7.5 HIGH 9.8 CRITICAL
Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands.
CVE-2020-20124 1 Wuzhicms 1 Wuzhi Cms 2024-11-21 6.5 MEDIUM 8.8 HIGH
Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.
CVE-2020-19822 1 Zzcms 1 Zzcms 2024-11-21 6.5 MEDIUM 7.2 HIGH
A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters.
CVE-2020-18185 1 Pluxml 1 Pluxml 2024-11-21 7.5 HIGH 9.8 CRITICAL
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment.
CVE-2020-18172 1 Trezor 1 Bridge 2024-11-21 7.5 HIGH 9.8 CRITICAL
A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges.
CVE-2020-15865 1 Stimulsoft 1 Reports 2024-11-21 10.0 HIGH 9.8 CRITICAL
A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server.