Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-18 | CVE-2017-15578 | SQL Injection vulnerability in PHPsugar PHP Melody In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php. | 8.8 |
| 2017-10-17 | CVE-2017-15539 | SQL Injection vulnerability in Zorovavi/Blog Project Zorovavi/Blog 20171017 SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php. | 9.8 |
| 2017-10-16 | CVE-2014-8621 | SQL Injection vulnerability in Store Locator Project Store Locator 2.3/3.11 SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php. | 9.8 |
| 2017-10-16 | CVE-2017-15373 | SQL Injection vulnerability in Softwarepublico E-Sic 1.0 E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area). | 9.8 |
| 2017-10-06 | CVE-2015-2147 | SQL Injection vulnerability in PHPbugtracker Project PHPbugtracker Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | 9.8 |
| 2017-10-06 | CVE-2015-2146 | SQL Injection vulnerability in PHPbugtracker Project PHPbugtracker Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php. | 9.8 |
| 2017-10-06 | CVE-2017-13068 | SQL Injection vulnerability in Qnap QTS Helpdesk 1.1.12 QNAP has already patched this vulnerability. | 7.5 |
| 2017-10-05 | CVE-2017-1000120 | SQL Injection vulnerability in Frappe [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. | 8.8 |
| 2017-10-03 | CVE-2017-6089 | SQL Injection vulnerability in PHPcollab 2.5/2.5.1 SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php. | 9.8 |
| 2017-10-03 | CVE-2017-14848 | SQL Injection vulnerability in Dasinfomedia Wphrm Human Resource Management System 1.0 WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter. | 8.8 |