Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-24 | CVE-2015-7568 | SQL Injection vulnerability in Yeager CMS 1.2.1 SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter. | 9.8 |
| 2017-04-22 | CVE-2017-7991 | SQL Injection vulnerability in Exponentcms Exponent CMS Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | 9.8 |
| 2017-04-20 | CVE-2016-1218 | SQL Injection vulnerability in Cybozu Garoon SQL injection vulnerability in Cybozu Garoon before 4.2.2. | 8.8 |
| 2017-04-14 | CVE-2017-7879 | SQL Injection vulnerability in Flatcore Flatcore-Cms 1.4.6 SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. | 7.5 |
| 2017-04-14 | CVE-2017-7878 | SQL Injection vulnerability in Flatcore Flatcore-Cms 1.4.6 SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. | 9.8 |
| 2017-04-14 | CVE-2017-7717 | SQL Injection vulnerability in SAP Netweaver Application Server Java 7.40 SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504. | 8.8 |
| 2017-04-14 | CVE-2015-8356 | SQL Injection vulnerability in Bitrix Project Bitrix 6.5.2 Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php. | 8.0 |
| 2017-04-13 | CVE-2016-6818 | SQL Injection vulnerability in SAP Business Intelligence Platform SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. | 9.8 |
| 2017-04-13 | CVE-2016-2566 | SQL Injection vulnerability in Samsung Galaxy S6 Firmware G920Fxxu2Coh2 Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. | 9.8 |
| 2017-04-13 | CVE-2016-2555 | SQL Injection vulnerability in Atutor 2.2.1 SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php. | 9.8 |