Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-09-14 CVE-2017-1002012 SQL Injection vulnerability in Anblik Image-Gallery-With-Slideshow 1.5.2
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement.
network
low complexity
anblik CWE-89
critical
 9.8
9.8
2017-09-14 CVE-2017-1002010 SQL Injection vulnerability in Ontraport Membership Simplified 1.58
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function.
network
low complexity
ontraport CWE-89
critical
 9.8
9.8
2017-09-14 CVE-2017-1002009 SQL Injection vulnerability in Ontraport Membership Simplified 1.58
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function.
network
low complexity
ontraport CWE-89
critical
 9.8
9.8
2017-09-14 CVE-2017-1002005 SQL Injection vulnerability in Dtracker Project Dtracker 1.5
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query.
network
low complexity
dtracker-project CWE-89
7.5
7.5
2017-09-14 CVE-2017-1002004 SQL Injection vulnerability in Dtracker Project Dtracker 1.5
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query.
network
low complexity
dtracker-project CWE-89
7.5
7.5
2017-09-13 CVE-2017-14403 SQL Injection vulnerability in Eyesofnetwork 5.10
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php.
network
low complexity
eyesofnetwork CWE-89
critical
 9.8
9.8
2017-09-13 CVE-2017-14402 SQL Injection vulnerability in Eyesofnetwork 5.10
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php.
network
low complexity
eyesofnetwork CWE-89
critical
 9.8
9.8
2017-09-13 CVE-2017-14401 SQL Injection vulnerability in Eyesofnetwork 5.10
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section.
network
low complexity
eyesofnetwork CWE-89
critical
 9.8
9.8
2017-09-12 CVE-2017-14396 SQL Injection vulnerability in Osticket 1.10
In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
network
low complexity
osticket CWE-89
critical
 9.8
9.8
2017-09-12 CVE-2017-8015 SQL Injection vulnerability in EMC Appsync 2.0/3.0.0
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-89
critical
 9.8
9.8