Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-10-31 CVE-2017-15980 SQL Injection vulnerability in Rowindex US ZIP Codes Database Script 1.0
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.
network
low complexity
rowindex CWE-89
critical
 9.8
9.8
2017-10-31 CVE-2017-15979 SQL Injection vulnerability in Odallated Shareet 1.0
Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.
network
low complexity
odallated CWE-89
critical
 9.8
9.8
2017-10-31 CVE-2017-15978 SQL Injection vulnerability in Arox School ERP PHP Script 1.0
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
network
low complexity
arox CWE-89
critical
 9.8
9.8
2017-10-31 CVE-2017-15977 SQL Injection vulnerability in Protectedlinks Expiring Download Links 1.0
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
network
low complexity
protectedlinks CWE-89
critical
 9.8
9.8
2017-10-29 CVE-2017-16000 SQL Injection vulnerability in Eyesofnetwork 5.10
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php.
network
low complexity
eyesofnetwork CWE-89
7.2
7.2
2017-10-29 CVE-2017-15976 SQL Injection vulnerability in Zeescripts Zeebuddy 2X
ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.
network
low complexity
zeescripts CWE-89
critical
 9.8
9.8
2017-10-29 CVE-2017-15975 SQL Injection vulnerability in Vastal Dating Zone 0.9.9
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.
network
low complexity
vastal CWE-89
critical
 9.8
9.8
2017-10-29 CVE-2017-15974 SQL Injection vulnerability in Datacomponents Tpanel 2009
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
network
low complexity
datacomponents CWE-89
critical
 9.8
9.8
2017-10-29 CVE-2017-15973 SQL Injection vulnerability in Sokial 1.0
Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php.
network
low complexity
sokial CWE-89
critical
 9.8
9.8
2017-10-29 CVE-2017-15972 SQL Injection vulnerability in Softdatepro Dating Software 1.3
SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971.
network
low complexity
softdatepro CWE-89
critical
 9.8
9.8