Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2016-08-05 CVE-2016-4999 SQL Injection vulnerability in Redhat products
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.
network
low complexity
redhat CWE-89
critical
 9.8
9.8
2016-08-01 CVE-2016-4837 SQL Injection vulnerability in Ec-Cube Discount Coupon
SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ec-cube CWE-89
critical
 9.8
9.8
2016-07-28 CVE-2016-4522 SQL Injection vulnerability in Rockwellautomation Factorytalk Energrymetrix 2.10.00
SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
rockwellautomation CWE-89
critical
 9.8
9.8
2016-07-19 CVE-2016-5653 SQL Injection vulnerability in Misys Fusioncapital Opics Plus
Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter.
network
low complexity
misys CWE-89
6.5
6.5
2016-07-15 CVE-2016-1446 SQL Injection vulnerability in Cisco Webex Meetings Server 2.6.0/2.6.1.39
SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200.
network
low complexity
cisco CWE-89
8.8
8.8
2016-07-06 CVE-2016-4507 SQL Injection vulnerability in Bosch Bladecontrol-Webvis 3.0.2
SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
bosch CWE-89
6.4
6.4
2016-07-03 CVE-2016-5703 SQL Injection vulnerability in multiple products
SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.
network
low complexity
opensuse phpmyadmin CWE-89
critical
 9.8
9.8
2016-06-28 CVE-2016-0233 SQL Injection vulnerability in IBM Marketing Platform
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
8.8
8.8
2016-06-28 CVE-2016-0224 SQL Injection vulnerability in IBM Marketing Platform
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
critical
 9.8
9.8
2016-06-23 CVE-2016-1437 SQL Injection vulnerability in Cisco Prime Collaboration Deployment
SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549.
network
low complexity
cisco CWE-89
6.5
6.5