Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-12-18 | CVE-2017-17721 | SQL Injection vulnerability in Zuuse Beims Contractorweb .Net 5.18.0.0 | CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter. | 9.8 |
2017-12-18 | CVE-2017-17651 | SQL Injection vulnerability in Paid to Read Script Project Paid to Read Script 2.0.5 | Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. | 9.8 |
2017-12-18 | CVE-2017-17645 | SQL Injection vulnerability in PHPautoclassifiedscript BUS Booking Script 1.0 | Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php. | 9.8 |
2017-12-18 | CVE-2017-17643 | SQL Injection vulnerability in Lynda Clone Project Lynda Clone 1.0 | FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. | 9.8 |
2017-12-18 | CVE-2017-17731 | SQL Injection vulnerability in Dedecms 5.5/5.6 | DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. | 9.8 |
2017-12-18 | CVE-2017-17730 | SQL Injection vulnerability in Dedecms 5.5/5.6 | DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. | 9.8 |
2017-12-16 | CVE-2017-17713 | SQL Injection vulnerability in Boxug Trape | Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | 9.8 |
2017-12-15 | CVE-2017-17695 | SQL Injection vulnerability in Techno - Portfolio Management Panel Project Techno - Portfolio Management Panel 1.0/20171116 | Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. | 8.8 |
2017-12-14 | CVE-2017-5663 | SQL Injection vulnerability in Apache Fineract 0.4.0Incubating/0.5.0Incubating/0.6.0Incubating | In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. | 8.8 |
2017-12-13 | CVE-2017-17648 | SQL Injection vulnerability in Entrepreneur Dating Script Project Entrepreneur Dating Script 2.0.1 | Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter. | 9.8 |