Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-13 | CVE-2017-11200 | SQL Injection vulnerability in Finecms Project Finecms SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter. | 8.8 |
| 2017-07-12 | CVE-2017-11174 | SQL Injection vulnerability in Xoops 2.5.8.1 In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses. | 9.8 |
| 2017-07-09 | CVE-2017-8002 | SQL Injection vulnerability in EMC Data Protection Advisor EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. | 8.8 |
| 2017-07-05 | CVE-2017-1175 | SQL Injection vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. | 9.8 |
| 2017-07-05 | CVE-2017-1269 | SQL Injection vulnerability in IBM Security Guardium IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. | 9.8 |
| 2017-07-04 | CVE-2017-6698 | SQL Injection vulnerability in Cisco Prime Infrastructure 2.0(4.0.45B)/3.1(1) A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. | 5.4 |
| 2017-06-29 | CVE-2017-10682 | SQL Injection vulnerability in Piwigo SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php. | 9.8 |
| 2017-06-24 | CVE-2017-9848 | SQL Injection vulnerability in Easysitecms Easysite 7.0.0 SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element. | 9.8 |
| 2017-06-23 | CVE-2017-1347 | SQL Injection vulnerability in IBM Sterling B2B Integrator 5.2 IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. | 8.8 |
| 2017-06-22 | CVE-2015-9098 | SQL Injection vulnerability in Red-Gate SQL Monitor 3.5/4.0/4.1 In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. | 9.8 |