Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-23 | CVE-2017-15381 | SQL Injection vulnerability in Softwarepublico E-Sic 1.0 SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script). | 9.8 |
| 2017-10-23 | CVE-2017-15379 | SQL Injection vulnerability in Softwarepublico E-Sic 1.0 An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password. | 9.8 |
| 2017-10-23 | CVE-2017-15378 | SQL Injection vulnerability in Softwarepublico E-Sic 1.0 SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI). | 8.8 |
| 2017-10-20 | CVE-2017-2133 | SQL Injection vulnerability in Panasonic Kx-Hjb1000 Firmware Ghx1Yg14.50/Hjb10004.47 SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 8.8 |
| 2017-10-18 | CVE-2015-5376 | SQL Injection vulnerability in Gsi-Office Winpat Portal 3.2.0.1001/3.6.1.0 SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field. | 9.8 |
| 2017-10-18 | CVE-2015-7714 | SQL Injection vulnerability in Realtyna Property Listing 8.9/8.9.2 Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field action, (4) css, (5) tip, (6) cat_id, (7) text_search, (8) plisting, or (9) pwizard parameter to administrator/index.php. | 7.2 |
| 2017-10-18 | CVE-2017-15579 | SQL Injection vulnerability in PHPsugar PHP Melody In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php. | 9.8 |
| 2017-10-18 | CVE-2017-15578 | SQL Injection vulnerability in PHPsugar PHP Melody In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php. | 8.8 |
| 2017-10-17 | CVE-2017-15539 | SQL Injection vulnerability in Zorovavi/Blog Project Zorovavi/Blog 20171017 SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php. | 9.8 |
| 2017-10-16 | CVE-2014-8621 | SQL Injection vulnerability in Store Locator Project Store Locator 2.3/3.11 SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php. | 9.8 |