Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-08-21 CVE-2017-12977 SQL Injection vulnerability in 10Web Photo Gallery
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php.
network
low complexity
10web CWE-89
7.2
7.2
2017-08-18 CVE-2017-12949 SQL Injection vulnerability in Podlove Podcast Publisher 2.5.3
lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF.
network
low complexity
podlove CWE-89
8.8
8.8
2017-08-18 CVE-2017-12947 SQL Injection vulnerability in Easymodal Project Easy Modal
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
network
low complexity
easymodal-project CWE-89
7.2
7.2
2017-08-18 CVE-2017-12946 SQL Injection vulnerability in Easymodal Project Easy Modal
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
network
low complexity
easymodal-project CWE-89
7.2
7.2
2017-08-18 CVE-2017-12776 SQL Injection vulnerability in Nexusphp Project Nexusphp 1.5
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter.
network
low complexity
nexusphp-project CWE-89
critical
 9.8
9.8
2017-08-17 CVE-2017-12910 SQL Injection vulnerability in Nexusphp Project Nexusphp 1.5
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter.
network
low complexity
nexusphp-project CWE-89
critical
 9.8
9.8
2017-08-17 CVE-2017-12909 SQL Injection vulnerability in Nexusphp Project Nexusphp 1.5
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
network
low complexity
nexusphp-project CWE-89
critical
 9.8
9.8
2017-08-17 CVE-2017-12908 SQL Injection vulnerability in Nexusphp Project Nexusphp 1.5
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.
network
low complexity
nexusphp-project CWE-89
critical
 9.8
9.8
2017-08-11 CVE-2015-3616 SQL Injection vulnerability in Fortinet Fortimanager Firmware
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
network
low complexity
fortinet CWE-89
critical
 9.8
9.8
2017-08-10 CVE-2017-1174 SQL Injection vulnerability in IBM Sterling B2B Integrator 5.2
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
8.8