CWE-94

CVE-2018-1808

February 26, 2023 by

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828.

CVE-2018-18083

February 26, 2023 by

An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because “eval” is used during “if” processing.

IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.

CVE-2018-17827

February 26, 2023 by

HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin’s name to contain that code. This name is then injected into app/admin/model/AdminPlugins.php.

CVE-2018-17364

February 26, 2023 by

OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter.

CVE-2018-17207

February 26, 2023 by

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.