Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-12-29 | CVE-2017-17916 | SQL Injection vulnerability in Rubyonrails Rails | SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. | network | high | rubyonrails | CWE-89 | 8.1 |
| 2017-12-29 | CVE-2014-4914 | SQL Injection vulnerability in multiple products | The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | network | low | zend, debian | CWE-89 | critical 9.8 |
| 2017-12-28 | CVE-2017-17959 | SQL Injection vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. | network | low | php-multivendor-ecommerce-project | CWE-89 | critical 9.8 |
| 2017-12-28 | CVE-2017-17957 | SQL Injection vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. | network | low | php-multivendor-ecommerce-project | CWE-89 | critical 9.8 |
| 2017-12-28 | CVE-2017-17951 | SQL Injection vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. | network | low | php-multivendor-ecommerce-project | CWE-89 | critical 9.8 |
| 2017-12-28 | CVE-2017-17950 | SQL Injection vulnerability in Cells Blog 3.5 | Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. | network | low | cells | CWE-89 | 8.8 |
| 2017-12-28 | CVE-2017-17941 | SQL Injection vulnerability in Single Theater Booking Script Project Single Theater Booking Script 3.2.2 | PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. | | | | | 7.2 |
| 2017-12-28 | CVE-2015-3637 | SQL Injection vulnerability in PHPmybackuppro | SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters. | network | high | phpmybackuppro | CWE-89 | 8.1 |
| 2017-12-27 | CVE-2017-17931 | SQL Injection vulnerability in Resume Clone Script Project Resume Clone Script 2.0.5 | PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. | network | low | resume-clone-script-project | CWE-89 | critical 9.8 |
| 2017-12-27 | CVE-2017-17928 | SQL Injection vulnerability in Ordermanagementscript Professional Service Script | PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. | network | low | ordermanagementscript | CWE-89 | critical 9.8 |