Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-09-26 | CVE-2015-7670 | SQL Injection vulnerability in Support Ticket System Project Support Ticket System | Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter. | 9.8 |
2017-09-26 | CVE-2015-7390 | SQL Injection vulnerability in Testlink | SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php. | 9.8 |
2017-09-26 | CVE-2017-14703 | SQL Injection vulnerability in Cashbackcomparisonscript Cash Back Comparison 1.0 | SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/. | 9.8 |
2017-09-26 | CVE-2017-14743 | SQL Injection vulnerability in Faleemi Fsc-880 Firmware 00.01.01.0048P2 | Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password. | 8.1 |
2017-09-26 | CVE-2017-7973 | SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 | A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database. | 9.8 |
2017-09-25 | CVE-2017-14125 | SQL Injection vulnerability in Wpdevart Responsive Image Gallery Album | SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php. | 9.8 |
2017-09-25 | CVE-2015-4669 | SQL Injection vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0 | The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. | 7.8 |
2017-09-23 | CVE-2017-14723 | SQL Injection vulnerability in Wordpress | Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. | 9.8 |
2017-09-22 | CVE-2017-14078 | SQL Injection vulnerability in Trendmicro Mobile Security 9.7 | SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 9.8 |
2017-09-21 | CVE-2017-14652 | SQL Injection vulnerability in Tapatalk 4.5.7 | SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process. | 9.8 |