Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-08-17 CVE-2017-12910 SQL Injection vulnerability in Nexusphp Project Nexusphp 1.5
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter.
network
low complexity
nexusphp-project CWE-89
critical
9.8
2017-08-17 CVE-2017-12909 SQL Injection vulnerability in Nexusphp Project Nexusphp 1.5
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
network
low complexity
nexusphp-project CWE-89
critical
9.8
2017-08-17 CVE-2017-12908 SQL Injection vulnerability in Nexusphp Project Nexusphp 1.5
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.
network
low complexity
nexusphp-project CWE-89
critical
9.8
2017-08-11 CVE-2015-3616 SQL Injection vulnerability in Fortinet Fortimanager Firmware
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
network
low complexity
fortinet CWE-89
critical
9.8
2017-08-10 CVE-2017-1174 SQL Injection vulnerability in IBM Sterling B2B Integrator 5.2
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
2017-08-09 CVE-2017-12774 SQL Injection vulnerability in Finecms Project Finecms 1.9.5
finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database
network
low complexity
finecms-project CWE-89
critical
9.8
2017-08-09 CVE-2015-0782 SQL Injection vulnerability in Novell Zenworks Configuration Management
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
novell CWE-89
critical
9.8
2017-08-09 CVE-2015-0780 SQL Injection vulnerability in Novell Zenworks Configuration Management
SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
novell CWE-89
critical
9.8
2017-08-07 CVE-2017-12650 SQL Injection vulnerability in Loginizer
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.
network
low complexity
loginizer CWE-89
critical
9.8
2017-08-07 CVE-2017-12567 SQL Injection vulnerability in Quest products
SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2.
network
low complexity
quest CWE-89
critical
9.8