Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK

2017-09-30 | CVE-2017-14738 | SQL Injection vulnerability in Filerun 2017.09.18
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).
network | low complexity | filerun | CWE-89 | critical | 9.8

2017-09-30 | CVE-2015-9234 | SQL Injection vulnerability in Cfpaypal CP Contact Form With Paypal
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.
network | low complexity | cfpaypal | CWE-89 | 7.2

2017-09-29 | CVE-2017-14507 | SQL Injection vulnerability in Shindiristudio Content Timeline 4.4.2
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php.
network | low complexity | shindiristudio | CWE-89 | critical | 9.8

2017-09-28 | CVE-2017-14847 | SQL Injection vulnerability in Dasinfomedia Wpams Apartment Management System
Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.
network | low complexity | dasinfomedia | CWE-89 | 8.8

2017-09-28 | CVE-2017-14846 | SQL Injection vulnerability in Dasinfomedia Hospital Management System
Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.
network | low complexity | dasinfomedia | CWE-89 | 8.8

2017-09-28 | CVE-2017-14845 | SQL Injection vulnerability in Dasinfomedia Wpchurch Church Management System
Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.
network | low complexity | dasinfomedia | CWE-89 | 8.8

2017-09-28 | CVE-2017-14844 | SQL Injection vulnerability in Dasinfomedia Wpgym GYM Management System
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.
network | low complexity | dasinfomedia | CWE-89 | 8.8

2017-09-28 | CVE-2017-14843 | SQL Injection vulnerability in Dasinfomedia School Management System
Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.
network | low complexity | dasinfomedia | CWE-89 | 8.8

2017-09-28 | CVE-2017-14842 | SQL Injection vulnerability in Dasinfomedia Smsmaster Multipurpose SMS Gateway
Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.
network | low complexity | dasinfomedia | CWE-89 | 8.8

2017-09-27 | CVE-2017-14760 | SQL Injection vulnerability in Eventespresso Event Espresso Lite 3.1.37.12.L
SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php.
network | low complexity | eventespresso | CWE-89 | critical | 9.8