Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-08 | CVE-2017-11161 | SQL Injection vulnerability in Synology Photo Station Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php. | 9.8 |
2017-09-07 | CVE-2017-12227 | SQL Injection vulnerability in Cisco Emergency Responder A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. | 5.4 |
2017-09-07 | CVE-2015-5052 | SQL Injection vulnerability in Sefrengo 1.2.0/1.6.5 SQL injection vulnerability in Sefrengo before 1.6.5 beta2. | 9.8 |
2017-09-07 | CVE-2015-4724 | SQL Injection vulnerability in Concretecms Concrete CMS 5.7.3.1 SQL injection vulnerability in Concrete5 5.7.3.1. | 8.8 |
2017-09-07 | CVE-2015-4627 | SQL Injection vulnerability in Pragyan CMS Project Pragyan CMS 3.0 SQL injection vulnerability in Pragyan CMS 3.0. | 9.8 |
2017-09-07 | CVE-2015-3314 | SQL Injection vulnerability in Tune Library Project Tune Library SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5. | 8.1 |
2017-09-07 | CVE-2015-3313 | SQL Injection vulnerability in Community Events Project Community Events SQL injection vulnerability in WordPress Community Events plugin before 1.4. | 9.8 |
2017-09-07 | CVE-2017-9834 | SQL Injection vulnerability in Calendarscripts Watupro SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php. | 9.8 |
2017-09-05 | CVE-2017-14145 | SQL Injection vulnerability in Helpdezk 1.1.1 HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function. | 9.8 |
2017-08-31 | CVE-2016-10509 | SQL Injection vulnerability in Opencart SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php. | 7.2 |