Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-04-13 | CVE-2016-1914 | SQL Injection vulnerability in Blackberry Enterprise Service | Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image. | 8.8 |
2017-04-13 | CVE-2017-7628 | SQL Injection vulnerability in Smart Related Articles Project Smart Related Articles 1.1 | The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability). | 9.8 |
2017-04-12 | CVE-2016-4893 | SQL Injection vulnerability in Setucocms Project Setucocms | SQL injection vulnerability in the SetsucoCMS all versions allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 8.8 |
2017-04-12 | CVE-2016-4337 | SQL Injection vulnerability in Ktools Photostore 4.7.4 | SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action. | 9.8 |
2017-04-12 | CVE-2015-7564 | SQL Injection vulnerability in Teampass | Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php. | 9.8 |
2017-04-12 | CVE-2017-7719 | SQL Injection vulnerability in Web-Dorado Spider Event Calendar | SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php. | 9.8 |
2017-04-11 | CVE-2017-6088 | SQL Injection vulnerability in Eyesofnetwork 4.23/4.30/5.0 | Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php. | 7.2 |
2017-04-11 | CVE-2016-4468 | SQL Injection vulnerability in multiple products | SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 8.8 |
2017-04-10 | CVE-2015-6028 | SQL Injection vulnerability in Castlerock Snmpc 12.1/9.0 | Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. | 8.8 |
2017-04-07 | CVE-2017-7581 | SQL Injection vulnerability in News System Project News System | SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed. | 9.8 |