Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-28 | CVE-2017-15949 | SQL Injection vulnerability in Angry-Frog Xavier 2.4 Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php. | 7.2 |
| 2017-10-28 | CVE-2017-15946 | SQL Injection vulnerability in Selfget TAG Meta 1.7.6 In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. | 9.8 |
| 2017-10-27 | CVE-2017-15933 | SQL Injection vulnerability in Eyesofnetwork 5.10 SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php. | 7.2 |
| 2017-10-26 | CVE-2014-2023 | SQL Injection vulnerability in Tapatalk Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/. | 9.8 |
| 2017-10-26 | CVE-2017-15919 | SQL Injection vulnerability in Accesspressthemes Ultimate-Form-Builder-Lite The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php. | 9.8 |
| 2017-10-26 | CVE-2017-15907 | SQL Injection vulnerability in PHPcollab 2.5/2.5.1 SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php. | 9.8 |
| 2017-10-24 | CVE-2017-15880 | SQL Injection vulnerability in Eyesofnetwork 5.10 SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group). | 7.2 |
| 2017-10-24 | CVE-2017-15081 | SQL Injection vulnerability in PHPsugar PHP Melody 2.6.1 In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php. | 9.8 |
| 2017-10-23 | CVE-2015-5533 | SQL Injection vulnerability in Count PER DAY Project Count PER DAY SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. | 7.2 |
| 2017-10-23 | CVE-2012-4570 | SQL Injection vulnerability in Letodms Project Letodms SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 9.8 |