Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-01-29 CVE-2018-6365 SQL Injection vulnerability in Datacomponents Tsitebuilder 1.0
SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php.
network
low complexity
datacomponents CWE-89
critical
 9.8
9.8
2018-01-29 CVE-2018-6364 SQL Injection vulnerability in Multilanguage Real Estate MLM Script Project Multilanguage Real Estate MLM Script 3.0
SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.
network
low complexity
multilanguage-real-estate-mlm-script-project CWE-89
critical
 9.8
9.8
2018-01-29 CVE-2018-6363 SQL Injection vulnerability in Taskrabbit Clone Project Taskrabbit Clone 1.0
SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.
network
low complexity
taskrabbit-clone-project CWE-89
critical
 9.8
9.8
2018-01-25 CVE-2018-5973 SQL Injection vulnerability in Eihitech Professional Local Directory Script 1.0
SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter.
network
low complexity
eihitech CWE-89
critical
 9.8
9.8
2018-01-25 CVE-2018-6308 SQL Injection vulnerability in Sugarcrm 6.5.26
Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate parameter to modules\Contacts\ShowDuplicates.php, the mergecur parameter to modules\Currencies\index.php and modules\Opportunities\Opportunity.php, and the load_signed_id parameter to modules\Documents\Document.php.
network
low complexity
sugarcrm CWE-89
critical
 9.8
9.8
2018-01-25 CVE-2018-5443 SQL Injection vulnerability in Advantech Webaccess/Scada
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817.
network
low complexity
advantech CWE-89
5.3
5.3
2018-01-25 CVE-2017-15546 SQL Injection vulnerability in EMC RSA Authentication Manager
The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability.
network
low complexity
emc CWE-89
4.3
4.3
2018-01-24 CVE-2017-1000474 SQL Injection vulnerability in Vehicle Sales Management System Project Vehicle Sales Management System 20170730
Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL Injecting in login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts resulting in the expose of user's login credentials, SQL Injection and Stored XSS vulnerability, which leads to remote code executing.
network
low complexity
vehicle-sales-management-system-project CWE-89
critical
 9.8
9.8
2018-01-24 CVE-2018-5778 SQL Injection vulnerability in Progress Whatsup Gold
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1).
network
low complexity
progress CWE-89
critical
 9.8
9.8
2018-01-24 CVE-2018-5988 SQL Injection vulnerability in Flexible Poll Project Flexible Poll 1.2
SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php.
network
low complexity
flexible-poll-project CWE-89
critical
 9.8
9.8