Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-01-01 CVE-2016-10096 SQL Injection vulnerability in Genixcms
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.
network
low complexity
genixcms CWE-89
7.3
7.3
2016-12-19 CVE-2016-2355 SQL Injection vulnerability in Dotcms
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1.
network
low complexity
dotcms CWE-89
critical
 9.8
9.8
2016-12-11 CVE-2016-9864 SQL Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
high complexity
phpmyadmin CWE-89
7.5
7.5
2016-12-11 CVE-2016-6619 SQL Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
low complexity
phpmyadmin CWE-89
8.8
8.8
2016-12-11 CVE-2016-6617 SQL Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
high complexity
phpmyadmin CWE-89
8.1
8.1
2016-12-11 CVE-2016-6616 SQL Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
high complexity
phpmyadmin CWE-89
7.5
7.5
2016-12-11 CVE-2016-6611 SQL Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
high complexity
phpmyadmin CWE-89
8.1
8.1
2016-11-30 CVE-2016-2873 SQL Injection vulnerability in IBM Qradar Security Information and Event Manager
SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
8.8
8.8
2016-11-30 CVE-2016-2950 SQL Injection vulnerability in IBM Bigfix Remote Control 9.1.2
SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5
6.5
2016-11-29 CVE-2016-9481 SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments.
network
low complexity
exponentcms CWE-89
critical
 9.8
9.8