Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-14 | CVE-2017-1002010 | SQL Injection vulnerability in Ontraport Membership Simplified 1.58 Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function. | 9.8 |
| 2017-09-14 | CVE-2017-1002009 | SQL Injection vulnerability in Ontraport Membership Simplified 1.58 Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function. | 9.8 |
| 2017-09-14 | CVE-2017-1002005 | SQL Injection vulnerability in Dtracker Project Dtracker 1.5 Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. | 7.5 |
| 2017-09-14 | CVE-2017-1002004 | SQL Injection vulnerability in Dtracker Project Dtracker 1.5 Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query. | 7.5 |
| 2017-09-13 | CVE-2017-14403 | SQL Injection vulnerability in Eyesofnetwork 5.10 The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php. | 9.8 |
| 2017-09-13 | CVE-2017-14402 | SQL Injection vulnerability in Eyesofnetwork 5.10 The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php. | 9.8 |
| 2017-09-13 | CVE-2017-14401 | SQL Injection vulnerability in Eyesofnetwork 5.10 The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section. | 9.8 |
| 2017-09-12 | CVE-2017-14396 | SQL Injection vulnerability in Osticket 1.10 In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php. | 9.8 |
| 2017-09-12 | CVE-2017-8015 | SQL Injection vulnerability in EMC Appsync 2.0/3.0.0 EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 9.8 |
| 2017-09-12 | CVE-2017-14345 | SQL Injection vulnerability in Blog Project Blog SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php. | 9.8 |