Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2017-06-05 | CVE-2017-8835 | SQL Injection vulnerability in Peplink products | critical 9.8
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093.
network, low complexity, peplink, CWE-89

2017-06-04 | CVE-2017-9427 | SQL Injection vulnerability in Bigtreecms Bigtree CMS | 8.8
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php.
network, low complexity, bigtreecms, CWE-89

2017-06-02 | CVE-2017-9360 | SQL Injection vulnerability in Websitebaker 2.10.0 | critical 9.8
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.
network, low complexity, websitebaker, CWE-89

2017-05-29 | CVE-2016-10379 | SQL Injection vulnerability in Virtuemart 3.0.14 | 7.2
The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php.
network, low complexity, virtuemart, CWE-89

2017-05-29 | CVE-2016-10378 | SQL Injection vulnerability in E107 2.1.1 | 7.2
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
network, low complexity, e107, CWE-89

2017-05-26 | CVE-2017-7236 | SQL Injection vulnerability in Netapp Oncommand Unified Manager Core Package | 7.5
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network, low complexity, netapp, CWE-89

2017-05-22 | CVE-2016-4905 | SQL Injection vulnerability in Wp-Olivecart Olivecart and Olivecartpro | critical 9.8
SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors.
network, low complexity, wp-olivecart, CWE-89

2017-05-18 | CVE-2017-6195 | SQL Injection vulnerability in Ipswitch Moveit DMZ and Moveit Transfer 2017 | critical 9.8
Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection.
network, low complexity, ipswitch, CWE-89

2017-05-17 | CVE-2017-8917 | SQL Injection vulnerability in Joomla Joomla! 3.7.0 | critical 9.8
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
network, low complexity, joomla, CWE-89

2017-05-16 | CVE-2017-7952 | SQL Injection vulnerability in Infor Enterprise Asset Management 11.0Build201410 | 8.8
INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.
network, low complexity, infor, CWE-89