Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2017-01-31 | CVE-2016-9416 | SQL Injection vulnerability in Mybb Merge System and Mybb
SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | mybb | CWE-89 | critical | 9.8

2017-01-31 | CVE-2016-9402 | SQL Injection vulnerability in Mybb
SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | mybb | CWE-89 | critical | 9.8

2017-01-31 | CVE-2015-8974 | SQL Injection vulnerability in Mybb Merge System and Mybb
SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | mybb | CWE-89 | critical | 10.0

2017-01-30 | CVE-2017-5611 | SQL Injection vulnerability in multiple products
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.
network | low complexity | wordpress, debian, oracle | CWE-89 | critical | 9.8

2017-01-28 | CVE-2017-5609 | SQL Injection vulnerability in S9Y Serendipity 2.0.5
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
network | low complexity | s9y | CWE-89 | 8.8

2017-01-27 | CVE-2017-5598 | SQL Injection vulnerability in Eclinicalworks Patient Portal 8.0
An issue was discovered in eClinicalWorks healow@work 8.0 build 8.
network | low complexity | eclinicalworks | CWE-89 | 7.5

2017-01-23 | CVE-2016-5742 | SQL Injection vulnerability in Sixapart Movable Type and Movable Type Open Source
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | sixapart | CWE-89 | critical | 9.8

2017-01-23 | CVE-2016-4338 | SQL Injection vulnerability in Zabbix
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.
network | high complexity | zabbix | CWE-89 | 8.1

2017-01-23 | CVE-2016-0769 | SQL Injection vulnerability in Elfden Eshop Plugin 6.3.14
Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter.
network | low complexity | elfden | CWE-89 | 8.8

2017-01-23 | CVE-2017-5570 | SQL Injection vulnerability in Eclinicalworks Patient Portal 7.0
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13.
network | low complexity | eclinicalworks | CWE-89 | 8.8