Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-01-24 CVE-2018-5984 SQL Injection vulnerability in Tumder Project Tumder 2.1
SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI.
network
low complexity
tumder-project CWE-89
critical
 9.8
9.8
2018-01-24 CVE-2018-5979 SQL Injection vulnerability in Wchat Project Wchat 1.5
SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field.
network
low complexity
wchat-project CWE-89
critical
 9.8
9.8
2018-01-24 CVE-2018-5978 SQL Injection vulnerability in Zechat Project Zechat 1.5
SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field.
network
low complexity
zechat-project CWE-89
critical
 9.8
9.8
2018-01-24 CVE-2018-5977 SQL Injection vulnerability in Getaffiligator Affiligator 2.1.0
SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request.
network
low complexity
getaffiligator CWE-89
critical
 9.8
9.8
2018-01-24 CVE-2018-5972 SQL Injection vulnerability in Quickad Project Quickad 4.0
SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI.
network
low complexity
quickad-project CWE-89
critical
 9.8
9.8
2018-01-23 CVE-2017-17999 SQL Injection vulnerability in Fairsketch Rise Ultimate Project Manager 1.9
SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/.
network
low complexity
fairsketch CWE-89
critical
 9.8
9.8
2018-01-22 CVE-2018-5960 SQL Injection vulnerability in Tribalsystems Zenario
Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module.
network
low complexity
tribalsystems CWE-89
8.8
8.8
2018-01-18 CVE-2017-12729 SQL Injection vulnerability in Moxa Softcms LAB View
A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6.
network
low complexity
moxa CWE-89
critical
 9.8
9.8
2018-01-14 CVE-2018-5697 SQL Injection vulnerability in Icyphoenix 2.2.0.105
Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to admin_kb_art.php or the order parameter to admin_jr_admin.php, related to functions_kb.php.
network
low complexity
icyphoenix CWE-89
7.2
7.2
2018-01-14 CVE-2018-5696 SQL Injection vulnerability in Ijoomla AD Agency 6.0.9
The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php.
network
low complexity
ijoomla CWE-89
critical
 9.8
9.8