Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-02 | CVE-2017-11384 | SQL Injection vulnerability in Trendmicro Control Manager 6.0. SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. (network, low complexity, trendmicro, CWE-89) | critical 9.8 |
| 2017-08-02 | CVE-2017-11383 | SQL Injection vulnerability in Trendmicro Control Manager 6.0. SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. (network, low complexity, trendmicro, CWE-89) | critical 9.8 |
| 2017-08-02 | CVE-2017-11494 | SQL Injection vulnerability in Sol-Connect Sol.Connect Iset-Mpp Meter Firmware 1.2.4.2. SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action. (network, low complexity, sol-connect, CWE-89) | critical 9.8 |
| 2017-08-02 | CVE-2017-12199 | SQL Injection vulnerability in Etoilewebdesign Ultimate Product Catalog 4.2.11. The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item. (network, low complexity, etoilewebdesign, CWE-89) | critical 9.8 |
| 2017-07-29 | CVE-2017-11736 | SQL Injection vulnerability in Bigtreecms Bigtree CMS 4.2.18. SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter. (network, low complexity, bigtreecms, CWE-89) | 8.8 |
| 2017-07-28 | CVE-2017-11184 | SQL Injection vulnerability in Glpi-Project Glpi. SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. (network, low complexity, glpi-project, CWE-89) | critical 9.8 |
| 2017-07-27 | CVE-2017-11678 | SQL Injection vulnerability in Hashtopus Project Hashtopus 1.5G. SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. (network, low complexity, hashtopus-project, CWE-89) | 8.8 |
| 2017-07-26 | CVE-2017-11631 | SQL Injection vulnerability in Fiyo CMS 2.0.7. dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter. (network, low complexity, fiyo, CWE-89) | critical 9.8 |
| 2017-07-25 | CVE-2015-2798 | SQL Injection vulnerability in Web-Dorado Contact Form Maker 1.0.1. SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. (network, low complexity, web-dorado, CWE-89) | critical 9.8 |
| 2017-07-24 | CVE-2017-11324 | SQL Injection vulnerability in Tilde CMS Project Tilde CMS 1.0.1. An issue was discovered in Tilde CMS 1.0.1. (network, low complexity, tilde-cms-project, CWE-89) | critical 9.8 |