Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2017-10-29 | CVE-2017-15968 | SQL Injection vulnerability in Contractorscripts Mybuildersite 1.0 | MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter. | network | low | contractorscripts | CWE-89 | critical | 9.8 |
| 2017-10-29 | CVE-2017-15967 | SQL Injection vulnerability in Mailing-Manager Mailing List Manager PRO 3.0 | Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template. | network | low | mailing-manager | CWE-89 | critical | 9.8 |
| 2017-10-29 | CVE-2017-15966 | SQL Injection vulnerability in ZH Yandexmap Project ZH Yandexmap 6.1.1.0 | The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php. | network | low | zh-yandexmap-project | CWE-89 | critical | 9.8 |
| 2017-10-29 | CVE-2017-15965 | SQL Injection vulnerability in Nswd NS Download Shop 2.2.6 | The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action. | network | low | nswd | CWE-89 | critical | 9.8 |
| 2017-10-29 | CVE-2017-15964 | SQL Injection vulnerability in Nicephpscripts JOB Board Script | Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI. | network | low | nicephpscripts | CWE-89 | critical | 9.8 |
| 2017-10-29 | CVE-2017-15963 | SQL Injection vulnerability in Itechscripts Gigs Script 1.21 | iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter. | network | low | itechscripts | CWE-89 | critical | 9.8 |
| 2017-10-29 | CVE-2017-15961 | SQL Injection vulnerability in Iproject Management System Project Iproject Management System 1.0 | iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php. | network | low | iproject-management-system-project | CWE-89 | critical | 9.8 |
| 2017-10-29 | CVE-2017-15960 | SQL Injection vulnerability in Yourarticlesdirectory Article Directory Script 3.0 | Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php. | network | low | yourarticlesdirectory | CWE-89 | critical | 9.8 |
| 2017-10-29 | CVE-2017-15959 | SQL Injection vulnerability in Adultscriptpro 2.2.4 | Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576. | network | low | adultscriptpro | CWE-89 | critical | 9.8 |
| 2017-10-29 | CVE-2017-15958 | SQL Injection vulnerability in Domainzaar D-Park PRO 1.0 | D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php. | network | low | domainzaar | CWE-89 | critical | 9.8 |