Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-04-10 | CVE-2015-6028 | SQL Injection vulnerability in Castlerock Snmpc 12.1/9.0 | Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. | network | low complexity | castlerock | CWE-89 | 8.8 |
| 2017-04-07 | CVE-2017-7581 | SQL Injection vulnerability in News System Project News System | SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed. | network | low complexity | news-system-project | CWE-89 | critical 9.8 |
| 2017-04-07 | CVE-2017-3886 | SQL Injection vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6) | A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. | network | low complexity | cisco | CWE-89 | 4.9 |
| 2017-04-03 | CVE-2017-7410 | SQL Injection vulnerability in Websitebaker | Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter. | network | low complexity | websitebaker | CWE-89 | critical 9.8 |
| 2017-03-30 | CVE-2017-7290 | SQL Injection vulnerability in Xoops 2.5.7.2/2.5.7.3/2.5.8.1 | SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. | network | low complexity | xoops | CWE-89 | 7.2 |
| 2017-03-27 | CVE-2017-6013 | SQL Injection vulnerability in Intelliants Subrion CMS 4.0.5.10 | Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter. | network | low complexity | intelliants | CWE-89 | critical 9.8 |
| 2017-03-26 | CVE-2017-2641 | SQL Injection vulnerability in Moodle | In Moodle 2.x and 3.x, SQL injection can occur via user preferences. | network | low complexity | moodle | CWE-89 | critical 9.8 |
| 2017-03-20 | CVE-2017-6550 | SQL Injection vulnerability in Kinsey Infor-Lawson | Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData. | network | low complexity | kinsey | CWE-89 | critical 9.8 |
| 2017-03-14 | CVE-2017-3899 | SQL Injection vulnerability in Mcafee Advanced Threat Defense | SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter. | network | low complexity | mcafee | CWE-89 | 6.5 |
| 2017-03-14 | CVE-2016-8027 | SQL Injection vulnerability in Mcafee Epolicy Orchestrator | SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post. | network | low complexity | mcafee | CWE-89 | critical 10.0 |