Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-24	CVE-2017-15081	SQL Injection vulnerability in PHPsugar PHP Melody 2.6.1 In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php. network low complexity phpsugar CWE-89 critical	9.8
2017-10-23	CVE-2015-5533	SQL Injection vulnerability in Count PER DAY Project Count PER DAY SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. network low complexity count-per-day-project CWE-89	7.2
2017-10-23	CVE-2012-4570	SQL Injection vulnerability in Letodms Project Letodms SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. network low complexity letodms-project CWE-89 critical	9.8
2017-10-23	CVE-2017-15381	SQL Injection vulnerability in Softwarepublico E-Sic 1.0 SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script). network low complexity softwarepublico CWE-89 critical	9.8
2017-10-23	CVE-2017-15379	SQL Injection vulnerability in Softwarepublico E-Sic 1.0 An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password. network low complexity softwarepublico CWE-89 critical	9.8
2017-10-23	CVE-2017-15378	SQL Injection vulnerability in Softwarepublico E-Sic 1.0 SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI). network low complexity softwarepublico CWE-89	8.8
2017-10-20	CVE-2017-2133	SQL Injection vulnerability in Panasonic Kx-Hjb1000 Firmware Ghx1Yg14.50/Hjb10004.47 SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. network low complexity panasonic CWE-89	8.8
2017-10-18	CVE-2015-5376	SQL Injection vulnerability in Gsi-Office Winpat Portal 3.2.0.1001/3.6.1.0 SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field. network low complexity gsi-office CWE-89 critical	9.8
2017-10-18	CVE-2015-7714	SQL Injection vulnerability in Realtyna Property Listing 8.9/8.9.2 Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field action, (4) css, (5) tip, (6) cat_id, (7) text_search, (8) plisting, or (9) pwizard parameter to administrator/index.php. network low complexity realtyna CWE-89	7.2
2017-10-18	CVE-2017-15579	SQL Injection vulnerability in PHPsugar PHP Melody In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php. network low complexity phpsugar CWE-89 critical	9.8