Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-05-10 | CVE-2017-7886 | SQL Injection vulnerability in Dolibarr Erp/Crm 4.0.4 | Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. | 9.8 |
2017-05-09 | CVE-2017-5527 | SQL Injection vulnerability in Tibco products | TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks. | 6.5 |
2017-05-05 | CVE-2017-8796 | SQL Injection vulnerability in Accellion File Transfer Appliance 80540/911200/911210 | An issue was discovered on Accellion FTA devices before FTA_9_12_180. | 9.8 |
2017-05-05 | CVE-2017-8789 | SQL Injection vulnerability in Accellion File Transfer Appliance 80540/911200/911210 | An issue was discovered on Accellion FTA devices before FTA_9_12_180. | 9.8 |
2017-05-05 | CVE-2017-6557 | SQL Injection vulnerability in Xirrus Arrayos | SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 8.8 |
2017-05-01 | CVE-2017-8377 | SQL Injection vulnerability in Genixcms 1.0.2 | GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter. | 8.8 |
2017-04-28 | CVE-2017-2120 | SQL Injection vulnerability in Wbce CMS | SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | 7.2 |
2017-04-25 | CVE-2017-7221 | SQL Injection vulnerability in Opentext Documentum Content Server | OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. | 8.8 |
2017-04-24 | CVE-2017-3549 | SQL Injection vulnerability in Oracle Scripting | Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). | 9.1 |
2017-04-24 | CVE-2015-7569 | SQL Injection vulnerability in Yeager CMS 1.2.1 | SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. | 8.8 |