Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Code Execution

This page lists 416 vulnerabilities in this category.

Critical: 62 High: 338 Medium: 15 Low: 1
Vulnerability Name
CVE
CWE
Severity
Remote code execution vulnerability in WordPress Duplicator
-
CWE-98
High
Oracle Weblogic WLS-WSAT Component Deserialization RCE
CVE-2017-10271
CWE-94
High
IBM WebSphere RCE Java Deserialization Vulnerability
CVE-2015-7450
CWE-502
High
Apache Struts Remote Code Execution (S2-057)
CVE-2018-11776
CWE-917
High
Data Binding Expression Vulnerability in Spring Web Flow
CVE-2017-4971
CWE-78
High
Apache Unomi MVEL RCE (CVE-2020-13942)
CVE-2020-13942
CWE-20
High
Apache Solr Deserialization of untrusted data via jmx.serviceUrl
CVE-2019-0192
-
High
Remote code execution in bootstrap-sass 3.2.0.3
CVE-2019-10842
CWE-95
High
vBulletin 5.x 0day pre-auth RCE
-
CWE-94
High
Telerik Web UI RadAsyncUpload Deserialization
CVE-2019-18935
CWE-78
High
Telerik Web UI Insecure Direct Object Reference
CVE-2017-11357
CWE-78
High
Telerik Web UI Unrestricted File Upload (CVE-2017-11317)
CVE-2017-11317
CWE-78
High
Telerik Web UI Unrestricted File Upload (CVE-2014-2217)
CVE-2014-2217
CWE-78
High
Ruby on Rails DoubleTap RCE (CVE-2019-5420)
CVE-2019-5420
CWE-502
High
Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070)
CVE-2023-49070
CWE-502
High
Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950
CVE-2020-2950
CWE-502
High
Webmin v1.920 Unauhenticated Remote Command Execution
CVE-2019-15107
CWE-94
High
BigIP iRule Tcl code injection
-
CWE-78
High
uWSGI Unauthorized Access Vulnerability
-
CWE-78
High
Nagios XI Magpie_debug.php Unauthenticated RCE
CVE-2018-15708
CWE-94
High
FastCGI Unauthorized Access Vulnerability
-
CWE-78
High
Horde Imp Unauthenticated Remote Command Execution
CVE-2018-19518
CWE-94
High
Drupal REST Remote Code Execution
CVE-2019-6340
CWE-78
High
WordPress Plugin Product Table by WBW Remote Code Execution (2.0.1)
CVE-2024-6365
CWE-94
High
ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability
-
CWE-94
High
Liferay XMLRPC Blind SSRF
-
CWE-918
Medium
PHP4 IMAP module buffer overflow vulnerability
-
CWE-119
Medium
Liferay version older than 7.1
-
CWE-918
Medium
PHP 4.3.0 file disclosure and possible code execution
CVE-2003-0097
CWE-20
Medium
PHP eval() used on user input
-
CWE-95
Medium
PHP HTTP POST incorrect MIME header parsing vulnerability
CVE-2002-0717
CWE-20
Medium
PHP version older than 4.3.8
CVE-2004-0595
CWE-1104
Medium
PHP object deserialization of user-supplied data
-
CWE-20
Medium
PHP curl_exec() url is controlled by user
CVE-2009-0037
CWE-352
Medium
PHP preg_replace used on user input
-
CWE-20
Medium
PHP unserialize() used on user input
-
CWE-20
Medium
Python object deserialization of user-supplied data
-
CWE-20
Medium
Hashicorp Consul API is accessible without authentication
-
CWE-200
Medium
Apache Solr SSRF CVE-2017-3164
CVE-2017-3164
CWE-918
Medium
Apache 2.x version older than 2.2.3
CVE-2006-3747
CWE-189
Medium
Symfony ESI (Edge-Side Includes) enabled
-
CWE-16
Low