Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-02-17 CVE-2018-6394 SQL Injection vulnerability in Techjoomla Invitex 3.0.5
SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.
network
low complexity
techjoomla CWE-89
critical
 9.8
9.8
2018-02-17 CVE-2018-6373 SQL Injection vulnerability in Fastballproductions Fastball 2.5.0
SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action.
network
low complexity
fastballproductions CWE-89
critical
 9.8
9.8
2018-02-17 CVE-2018-6372 SQL Injection vulnerability in Joombooking JB BUS 2.3
SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter.
network
low complexity
joombooking CWE-89
critical
 9.8
9.8
2018-02-17 CVE-2018-6370 SQL Injection vulnerability in Neojoomla Neorecruit 4.1
SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI.
network
low complexity
neojoomla CWE-89
critical
 9.8
9.8
2018-02-17 CVE-2018-6368 SQL Injection vulnerability in Comdev Jomestate PRO 3.7
SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.
network
low complexity
comdev CWE-89
critical
 9.8
9.8
2018-02-17 CVE-2018-6006 SQL Injection vulnerability in Joomsky JS Autoz 1.0.9
SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter.
network
low complexity
joomsky CWE-89
critical
 9.8
9.8
2018-02-17 CVE-2018-6005 SQL Injection vulnerability in Realpin Project Realpin 1.5.04
SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.
network
low complexity
realpin-project CWE-89
critical
 9.8
9.8
2018-02-17 CVE-2018-6004 SQL Injection vulnerability in Techsolsystem File Download Tracker 3.0
SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.
network
low complexity
techsolsystem CWE-89
critical
 9.8
9.8
2018-02-17 CVE-2018-5994 SQL Injection vulnerability in Joomsky JS Jobs 1.1.9
SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.
network
low complexity
joomsky CWE-89
critical
 9.8
9.8
2018-02-17 CVE-2018-5993 SQL Injection vulnerability in Aist Project Aist 2.0
SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request.
network
low complexity
aist-project CWE-89
critical
 9.8
9.8