CWE-94

Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component controllerConfig.php, which can be exploited via the addqq() method.

An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.

Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands.

Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in attachmentadminindex.php.

A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the “ml” and “title” parameters.

A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges.