Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-11-21 CVE-2015-3934 SQL Injection vulnerability in Fiyo CMS 2.0.1.9.1
Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login.
network
low complexity
fiyo CWE-89
critical
9.8
2017-11-20 CVE-2017-16896 SQL Injection vulnerability in Tt-Rss Tiny RSS 17.4
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.
network
low complexity
tt-rss CWE-89
critical
9.8
2017-11-17 CVE-2017-1000129 SQL Injection vulnerability in S9Y Serendipity 2.0.3
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component, resulting in information disclosure.
network
low complexity
s9y CWE-89
7.5
2017-11-16 CVE-2017-16851 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.
network
low complexity
zohocorp CWE-89
critical
9.8
2017-11-16 CVE-2017-16850 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.
network
low complexity
zohocorp CWE-89
critical
9.8
2017-11-16 CVE-2017-16849 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.
network
low complexity
zohocorp CWE-89
critical
9.8
2017-11-16 CVE-2017-16848 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter.
network
low complexity
zohocorp CWE-89
critical
9.8
2017-11-16 CVE-2017-16847 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.
network
low complexity
zohocorp CWE-89
critical
9.8
2017-11-16 CVE-2017-16846 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter.
network
low complexity
zohocorp CWE-89
critical
9.8
2017-11-16 CVE-2017-12302 SQL Injection vulnerability in Cisco Unified Communications Domain Manager
A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection.
network
low complexity
cisco CWE-89
4.3