Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-07-24 CVE-2017-11584 SQL Injection vulnerability in Finecms 1.9.5/5.0.9
dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php.
network
low complexity
finecms CWE-89
critical
 9.8
9.8
2017-07-24 CVE-2017-11583 SQL Injection vulnerability in Finecms 1.9.5/5.0.9
dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php.
network
low complexity
finecms CWE-89
critical
 9.8
9.8
2017-07-24 CVE-2017-11582 SQL Injection vulnerability in Finecms 1.9.5/5.0.9
dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php.
network
low complexity
finecms CWE-89
critical
 9.8
9.8
2017-07-22 CVE-2017-3221 SQL Injection vulnerability in Inmarsat Amosconnect 8
Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords.
network
low complexity
inmarsat CWE-89
critical
 9.8
9.8
2017-07-20 CVE-2017-11475 SQL Injection vulnerability in Glpi-Project Glpi
GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php.
network
low complexity
glpi-project CWE-89
8.8
8.8
2017-07-20 CVE-2017-11474 SQL Injection vulnerability in Glpi-Project Glpi
GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php.
network
low complexity
glpi-project CWE-89
critical
 9.8
9.8
2017-07-20 CVE-2017-11471 SQL Injection vulnerability in Idera Uptime Infrastructure Monitor 7.8
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
network
low complexity
idera CWE-89
critical
 9.8
9.8
2017-07-20 CVE-2017-11470 SQL Injection vulnerability in Idera Uptime Infrastructure Monitor 7.8
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter.
network
low complexity
idera CWE-89
critical
 9.8
9.8
2017-07-19 CVE-2017-11445 SQL Injection vulnerability in Intelliants Subrion CMS
Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array.
network
low complexity
intelliants CWE-89
critical
 9.8
9.8
2017-07-19 CVE-2017-11444 SQL Injection vulnerability in Intelliants Subrion CMS
Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
network
low complexity
intelliants CWE-89
critical
 9.8
9.8