Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-08 | CVE-2015-3933 | SQL Injection vulnerability in Metalgenix Genixcms 0.0.1/0.0.2/0.0.3 Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php. | 9.8 |
| 2017-11-07 | CVE-2017-16561 | SQL Injection vulnerability in Ingenious School Management System Project Ingenious School Management System 2.3.0 /view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request. | 9.8 |
| 2017-11-05 | CVE-2017-16543 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. | 9.8 |
| 2017-11-05 | CVE-2017-16542 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. | 8.8 |
| 2017-11-02 | CVE-2017-11508 | SQL Injection vulnerability in Tenable Securitycenter 5.5.0/5.5.1/5.5.2 SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. | 8.8 |
| 2017-11-02 | CVE-2017-16510 | SQL Injection vulnerability in Wordpress WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723. | 9.8 |
| 2017-11-02 | CVE-2017-12276 | SQL Injection vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. | 8.1 |
| 2017-10-31 | CVE-2017-14356 | SQL Injection vulnerability in HP products An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. | 9.8 |
| 2017-10-31 | CVE-2017-15993 | SQL Injection vulnerability in Zomato Clone Script Project Zomato Clone Script Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter. | 9.8 |
| 2017-10-31 | CVE-2017-15992 | SQL Injection vulnerability in Website Broker Script Project Website Broker Script Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php. | 9.8 |