Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2016-04-19 | CVE-2016-4040 | SQL Injection vulnerability in Dotcms | SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter. | network; low complexity; dotcms CWE-89; 7.2 |
| 2016-04-14 | CVE-2015-7999 | SQL Injection vulnerability in Citrix Command Center 5.1/5.2 | Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | network; low complexity; citrix CWE-89; 8.1 |
| 2016-04-12 | CVE-2016-3172 | SQL Injection vulnerability in Cacti | SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. | network; low complexity; cacti CWE-89; 8.8 |
| 2016-04-11 | CVE-2015-8604 | SQL Injection vulnerability in Cacti | SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. | network; low complexity; cacti CWE-89; 8.8 |
| 2016-04-11 | CVE-2016-3675 | SQL Injection vulnerability in Huawei Policy Center Firmware V100R003C00/V100R003C10 | SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases. | network; low complexity; huawei CWE-89; 8.1 |
| 2016-04-11 | CVE-2016-3659 | SQL Injection vulnerability in Cacti | SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. | network; low complexity; cacti CWE-89; 8.8 |
| 2016-04-11 | CVE-2016-0710 | SQL Injection vulnerability in Apache Jetspeed | Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/. | network; low complexity; apache CWE-89; 8.8 |
| 2016-03-18 | CVE-2015-8153 | SQL Injection vulnerability in Symantec Endpoint Protection Manager | SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | network; low complexity; symantec CWE-89; 8.8 |
| 2016-03-12 | CVE-2015-7448 | SQL Injection vulnerability in IBM products | SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | network; low complexity; ibm CWE-89; 5.4 |
| 2016-02-19 | CVE-2016-1154 | SQL Injection vulnerability in Cuore Ec-Cube Help Plugin | SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network; low complexity; cuore CWE-89; critical; 9.1 |