Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-05 | CVE-2017-16542 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. | 8.8 |
| 2017-11-02 | CVE-2017-11508 | SQL Injection vulnerability in Tenable Securitycenter 5.5.0/5.5.1/5.5.2 SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. | 8.8 |
| 2017-11-02 | CVE-2017-16510 | SQL Injection vulnerability in Wordpress WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723. | 9.8 |
| 2017-11-02 | CVE-2017-12276 | SQL Injection vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. | 8.1 |
| 2017-10-31 | CVE-2017-14356 | SQL Injection vulnerability in HP products An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. | 9.8 |
| 2017-10-31 | CVE-2017-15993 | SQL Injection vulnerability in Zomato Clone Script Project Zomato Clone Script Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter. | 9.8 |
| 2017-10-31 | CVE-2017-15992 | SQL Injection vulnerability in Website Broker Script Project Website Broker Script Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php. | 9.8 |
| 2017-10-31 | CVE-2017-15991 | SQL Injection vulnerability in Vastal Agent Zone Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982. | 9.8 |
| 2017-10-31 | CVE-2017-15989 | SQL Injection vulnerability in Online Exam Test Application Project Online Exam Test Application Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action. | 9.8 |
| 2017-10-31 | CVE-2017-15988 | SQL Injection vulnerability in Nicephpscripts Nice PHP FAQ Script Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525. | 9.8 |