Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-09-08 CVE-2017-11161 SQL Injection vulnerability in Synology Photo Station
Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.
network
low complexity
synology CWE-89
critical
9.8
2017-09-07 CVE-2017-12227 SQL Injection vulnerability in Cisco Emergency Responder
A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack.
network
low complexity
cisco CWE-89
5.4
2017-09-07 CVE-2015-5052 SQL Injection vulnerability in Sefrengo 1.2.0/1.6.5
SQL injection vulnerability in Sefrengo before 1.6.5 beta2.
network
low complexity
sefrengo CWE-89
critical
9.8
2017-09-07 CVE-2015-4724 SQL Injection vulnerability in Concretecms Concrete CMS 5.7.3.1
SQL injection vulnerability in Concrete5 5.7.3.1.
network
low complexity
concretecms CWE-89
8.8
2017-09-07 CVE-2015-4627 SQL Injection vulnerability in Pragyan CMS Project Pragyan CMS 3.0
SQL injection vulnerability in Pragyan CMS 3.0.
network
low complexity
pragyan-cms-project CWE-89
critical
9.8
2017-09-07 CVE-2015-3314 SQL Injection vulnerability in Tune Library Project Tune Library
SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5.
network
high complexity
tune-library-project CWE-89
8.1
2017-09-07 CVE-2015-3313 SQL Injection vulnerability in Community Events Project Community Events
SQL injection vulnerability in WordPress Community Events plugin before 1.4.
network
low complexity
community-events-project CWE-89
critical
9.8
2017-09-07 CVE-2017-9834 SQL Injection vulnerability in Calendarscripts Watupro
SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php.
network
low complexity
calendarscripts CWE-89
critical
9.8
2017-09-05 CVE-2017-14145 SQL Injection vulnerability in Helpdezk 1.1.1
HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function.
network
low complexity
helpdezk CWE-89
critical
9.8
2017-08-31 CVE-2016-10509 SQL Injection vulnerability in Opencart
SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php.
network
low complexity
opencart CWE-89
7.2