Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-02-19 CVE-2016-10007 SQL Injection vulnerability in Dotcms
SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter.
network
low complexity
dotcms CWE-89
7.2
2018-02-18 CVE-2018-6024 SQL Injection vulnerability in Thethinkery Project LOG 1.5.3
SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.
network
low complexity
thethinkery CWE-89
critical
9.8
2018-02-17 CVE-2018-7180 SQL Injection vulnerability in Saxum2003 Astro 4.0.14
SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.
network
low complexity
saxum2003 CWE-89
critical
9.8
2018-02-17 CVE-2018-7179 SQL Injection vulnerability in Squadmanagement Project Squadmanagement 1.0.3
SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.
network
low complexity
squadmanagement-project CWE-89
critical
9.8
2018-02-17 CVE-2018-7178 SQL Injection vulnerability in Saxum2003 Saxum Picker 3.2.10
SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.
network
low complexity
saxum2003 CWE-89
critical
9.8
2018-02-17 CVE-2018-7177 SQL Injection vulnerability in Saxum2003 Numerology 3.0.4
SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.
network
low complexity
saxum2003 CWE-89
critical
9.8
2018-02-17 CVE-2018-6585 SQL Injection vulnerability in Techjoomla Jticketing 2.0.16
SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter.
network
low complexity
techjoomla CWE-89
critical
9.8
2018-02-17 CVE-2018-6584 SQL Injection vulnerability in Dthdevelopment DT Register 3.2.7
SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request.
network
low complexity
dthdevelopment CWE-89
critical
9.8
2018-02-17 CVE-2018-6583 SQL Injection vulnerability in Quanticalabs Timetable Responsive Schedule 1.5
SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.
network
low complexity
quanticalabs CWE-89
critical
9.8
2018-02-17 CVE-2018-6396 SQL Injection vulnerability in Google MAP Landkarten Project Google MAP Landkarten 4.2.3
SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.
network
low complexity
google-map-landkarten-project CWE-89
critical
9.8