Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-06-21 CVE-2018-12630 SQL Injection vulnerability in Nmark Nmcms 2.1
NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.
network
low complexity
nmark CWE-89
critical
 9.8
9.8
2018-06-20 CVE-2018-1132 SQL Injection vulnerability in Opendaylight Sdninterfaceapp
A flaw was found in Opendaylight's SDNInterfaceapp (SDNI).
network
low complexity
opendaylight CWE-89
critical
 9.8
9.8
2018-06-19 CVE-2015-4043 SQL Injection vulnerability in Connx ESP HR Management 4.4.0
SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx.
network
low complexity
connx CWE-89
critical
 9.8
9.8
2018-06-18 CVE-2018-9029 SQL Injection vulnerability in Broadcom Privileged Access Manager
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.
network
low complexity
broadcom CWE-89
critical
 9.8
9.8
2018-06-18 CVE-2018-12534 SQL Injection vulnerability in Quick Chat Project Quick Chat
A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress.
network
low complexity
quick-chat-project CWE-89
critical
 9.8
9.8
2018-06-17 CVE-2018-10997 SQL Injection vulnerability in Etere Etereweb
Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword.
network
low complexity
etere CWE-89
critical
 9.8
9.8
2018-06-17 CVE-2018-10969 SQL Injection vulnerability in Genetechsolutions PIE Register
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid.
network
low complexity
genetechsolutions CWE-89
critical
 9.8
9.8
2018-06-15 CVE-2018-12498 SQL Injection vulnerability in Icmsdev Icms 7.0.8
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.
network
low complexity
icmsdev CWE-89
critical
 9.8
9.8
2018-06-12 CVE-2017-18291 SQL Injection vulnerability in Pvpgn Stats 2.4.6
An issue was discovered in PvPGN Stats 2.4.6.
network
low complexity
pvpgn CWE-89
critical
 9.8
9.8
2018-06-12 CVE-2017-18290 SQL Injection vulnerability in Pvpgn Stats 2.4.6
An issue was discovered in PvPGN Stats 2.4.6.
network
low complexity
pvpgn CWE-89
critical
 9.8
9.8