Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-05 | CVE-2016-6419 | SQL Injection vulnerability in Cisco Secure Firewall Management Center SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. | 7.5 |
| 2016-10-03 | CVE-2016-7405 | SQL Injection vulnerability in multiple products The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. | 9.8 |
| 2016-09-17 | CVE-2016-5843 | SQL Injection vulnerability in Otrs FAQ Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters. | 9.4 |
| 2016-08-30 | CVE-2016-6195 | SQL Injection vulnerability in Vbulletin 4.2.2/4.2.3 SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016. | 9.8 |
| 2016-08-26 | CVE-2016-5048 | SQL Injection vulnerability in Readydesk 9.1 SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field. | 9.8 |
| 2016-08-22 | CVE-2016-5817 | SQL Injection vulnerability in Navis Webaccess 20160809 SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 9.8 |
| 2016-08-08 | CVE-2016-5792 | SQL Injection vulnerability in Moxa Softcms 1.2/1.3/1.4 SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields. | 9.8 |
| 2016-08-05 | CVE-2016-4999 | SQL Injection vulnerability in Redhat products SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI. | 9.8 |
| 2016-08-01 | CVE-2016-4837 | SQL Injection vulnerability in Ec-Cube Discount Coupon SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 9.8 |
| 2016-07-28 | CVE-2016-4522 | SQL Injection vulnerability in Rockwellautomation Factorytalk Energrymetrix 2.10.00 SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 9.8 |