Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| Date | CVE | Title | Description | Attack vector | Complexity | Vendor | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2017-09-25 | CVE-2017-14125 | SQL Injection vulnerability in Wpdevart Responsive Image Gallery Album | SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php. | network | low | wpdevart | CWE-89 | critical | 9.8 |
| 2017-09-25 | CVE-2015-4669 | SQL Injection vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0 | The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. | local | low | xceedium | CWE-89 | | 7.8 |
| 2017-09-23 | CVE-2017-14723 | SQL Injection vulnerability in Wordpress | Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. | network | low | wordpress | CWE-89 | critical | 9.8 |
| 2017-09-22 | CVE-2017-14078 | SQL Injection vulnerability in Trendmicro Mobile Security 9.7 | SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | network | low | trendmicro | CWE-89 | critical | 9.8 |
| 2017-09-21 | CVE-2017-14652 | SQL Injection vulnerability in Tapatalk 4.5.7 | SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process. | network | low | tapatalk | CWE-89 | critical | 9.8 |
| 2017-09-21 | CVE-2017-12930 | SQL Injection vulnerability in Tecnovision DLX Spot Player4 | SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password. | network | low | tecnovision | CWE-89 | critical | 9.8 |
| 2017-09-20 | CVE-2015-4073 | SQL Injection vulnerability in Helpdesk PRO Project Helpdesk PRO | Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter, or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter. | network | low | helpdesk-pro-project | CWE-89 | critical | 9.8 |
| 2017-09-19 | CVE-2017-14601 | SQL Injection vulnerability in Pragyan CMS Project Pragyan CMS 3.0 | Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. | network | low | pragyan-cms-project | CWE-89 | | 4.9 |
| 2017-09-19 | CVE-2017-14600 | SQL Injection vulnerability in Pragyan CMS Project Pragyan CMS 3.0 | Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. | network | low | pragyan-cms-project | CWE-89 | | 4.9 |
| 2017-09-17 | CVE-2017-14512 | SQL Injection vulnerability in Nexusphp Project Nexusphp 1.5 | NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. | network | low | nexusphp-project | CWE-89 | critical | 9.8 |