Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK

2018-02-02 CVE-2018-6578 SQL Injection vulnerability in Jextn JE Paypervideo 3.0.0
SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
network | low complexity | jextn CWE-89 | critical 9.8

2018-02-02 CVE-2018-6577 SQL Injection vulnerability in Jextn Membership 3.1.0
SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
network | low complexity | jextn CWE-89 | critical 9.8

2018-02-02 CVE-2018-6576 SQL Injection vulnerability in Ezcode Event Manager 1.0
SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter.
network | low complexity | ezcode CWE-89 | critical 9.8

2018-02-02 CVE-2018-6575 SQL Injection vulnerability in Jextn Classified 1.0.0
SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request.
network | low complexity | jextn CWE-89 | critical 9.8

2018-01-30 CVE-2018-6376 SQL Injection vulnerability in Joomla Joomla!
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
network | low complexity | joomla CWE-89 | critical 9.8

2018-01-30 CVE-2018-6398 SQL Injection vulnerability in Joomlacalendars Event Calendar 3.0.1
SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action.
network | low complexity | joomlacalendars CWE-89 | critical 9.8

2018-01-30 CVE-2018-6395 SQL Injection vulnerability in Joomlacalendars Visual Calendar 3.1.3
SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action.
network | low complexity | joomlacalendars CWE-89 | critical 9.8

2018-01-30 CVE-2018-6382 SQL Injection vulnerability in Mantisbt 2.10.0
MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address.
local | low complexity | mantisbt CWE-89 | 3.3

2018-01-29 CVE-2018-6393 SQL Injection vulnerability in Sangoma Freepbx 10.13.66/14.0.1.24
FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter.
network | low complexity | sangoma CWE-89 | 7.2

2018-01-29 CVE-2018-6367 SQL Injection vulnerability in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9
SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.
network | low complexity | vastal CWE-89 | critical 9.8