Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-21 | CVE-2017-14652 | SQL Injection vulnerability in Tapatalk 4.5.7 SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process. | 9.8 |
| 2017-09-21 | CVE-2017-12930 | SQL Injection vulnerability in Tecnovision DLX Spot Player4 SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password. | 9.8 |
| 2017-09-20 | CVE-2015-4073 | SQL Injection vulnerability in Helpdesk PRO Project Helpdesk PRO Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter. | 9.8 |
| 2017-09-19 | CVE-2017-14601 | SQL Injection vulnerability in Pragyan CMS Project Pragyan CMS 3.0 Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. | 4.9 |
| 2017-09-19 | CVE-2017-14600 | SQL Injection vulnerability in Pragyan CMS Project Pragyan CMS 3.0 Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. | 4.9 |
| 2017-09-17 | CVE-2017-14512 | SQL Injection vulnerability in Nexusphp Project Nexusphp 1.5 NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. | 9.8 |
| 2017-09-17 | CVE-2017-14508 | SQL Injection vulnerability in Sugarcrm An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). | 8.8 |
| 2017-09-14 | CVE-2017-1002028 | SQL Injection vulnerability in Angrybyte Gallery-Transformation 1.0 Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query. | 9.8 |
| 2017-09-14 | CVE-2017-1002027 | SQL Injection vulnerability in Rayanehdownload Rk-Responsive-Contact-Form 1.0 Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php. | 9.8 |
| 2017-09-14 | CVE-2017-1002026 | SQL Injection vulnerability in Eventespresso Event Espresso 3.1.37.11.L Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement. | 8.8 |