Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2017-01-23 | CVE-2017-5569 | SQL Injection vulnerability in Eclinicalworks Patient Portal 7.0 | An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. | eclinicalworks | CWE-89 | network, low complexity, critical, 9.8 |
| 2017-01-23 | CVE-2017-5575 | SQL Injection vulnerability in Metalgenix Genixcms | SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter. | metalgenix | CWE-89 | network, low complexity, critical, 9.8 |
| 2017-01-23 | CVE-2017-5574 | SQL Injection vulnerability in Metalgenix Genixcms | SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter. | metalgenix | CWE-89 | network, low complexity, critical, 9.8 |
| 2017-01-17 | CVE-2017-5519 | SQL Injection vulnerability in Metalgenix Genixcms | SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. | metalgenix | CWE-89 | network, low complexity, critical, 9.8 |
| 2017-01-17 | CVE-2017-5517 | SQL Injection vulnerability in Metalgenix Genixcms | SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter. | metalgenix | CWE-89 | network, low complexity, critical, 9.8 |
| 2017-01-12 | CVE-2017-5347 | SQL Injection vulnerability in Metalgenix Genixcms 0.0.8 | SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php. | metalgenix | CWE-89 | network, low complexity, 7.2 |
| 2017-01-12 | CVE-2017-5346 | SQL Injection vulnerability in Genixcms 0.0.8 | SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php. | genixcms | CWE-89 | network, low complexity, 7.2 |
| 2017-01-12 | CVE-2017-5345 | SQL Injection vulnerability in Metalgenix Genixcms 0.0.8 | SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI. | metalgenix | CWE-89 | network, low complexity, 8.8 |
| 2017-01-10 | CVE-2015-4592 | SQL Injection vulnerability in Eclinicalworks Population Health | eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input. | eclinicalworks | CWE-89 | network, low complexity, 8.8 |
| 2017-01-04 | CVE-2016-10114 | SQL Injection vulnerability in Awebsupport Aweb Cart Watching System for Virtuemart 2.6.0 | SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch. | awebsupport | CWE-89 | network, low complexity, critical, 9.8 |