Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-10-06 | CVE-2015-1000011 | SQL Injection vulnerability in Dukapress Project Dukapress 2.5.9: Blind SQL Injection in WordPress plugin dukapress v2.5.9 | 9.8 |
2016-10-06 | CVE-2015-1000003 | SQL Injection vulnerability in Filedownload Project Filedownload 1.4: Blind SQL Injection in filedownload v1.4 WordPress plugin | 9.8 |
2016-10-05 | CVE-2016-6652 | SQL Injection vulnerability in Pivotal Software Spring Data JPA 1.10.2: SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call. | 5.6 |
2016-10-05 | CVE-2016-6419 | SQL Injection vulnerability in Cisco Secure Firewall Management Center: SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. | 7.5 |
2016-10-03 | CVE-2016-7405 | SQL Injection vulnerability in multiple products: The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. | 9.8 |
2016-09-17 | CVE-2016-5843 | SQL Injection vulnerability in Otrs FAQ: Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters. | 9.4 |
2016-08-30 | CVE-2016-6195 | SQL Injection vulnerability in Vbulletin 4.2.2/4.2.3: SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016. | 9.8 |
2016-08-26 | CVE-2016-5048 | SQL Injection vulnerability in Readydesk 9.1: SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field. | 9.8 |
2016-08-22 | CVE-2016-5817 | SQL Injection vulnerability in Navis Webaccess 20160809: SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 9.8 |
2016-08-08 | CVE-2016-5792 | SQL Injection vulnerability in Moxa Softcms 1.2/1.3/1.4: SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields. | 9.8 |