Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-10-29 CVE-2017-15960 SQL Injection vulnerability in Yourarticlesdirectory Article Directory Script 3.0
Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.
Attack vector: network | Complexity: low | Vendor: yourarticlesdirectory | CWE-89 | Risk: critical 9.8
2017-10-29 CVE-2017-15959 SQL Injection vulnerability in Adultscriptpro 2.2.4
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.
Attack vector: network | Complexity: low | Vendor: adultscriptpro | CWE-89 | Risk: critical 9.8
2017-10-29 CVE-2017-15958 SQL Injection vulnerability in Domainzaar D-Park PRO 1.0
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
Attack vector: network | Complexity: low | Vendor: domainzaar | CWE-89 | Risk: critical 9.8
2017-10-28 CVE-2017-15949 SQL Injection vulnerability in Angry-Frog Xavier 2.4
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php.
Attack vector: network | Complexity: low | Vendor: angry-frog | CWE-89 | Risk: 7.2
2017-10-28 CVE-2017-15946 SQL Injection vulnerability in Selfget TAG Meta 1.7.6
In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php.
Attack vector: network | Complexity: low | Vendor: selfget | CWE-89 | Risk: critical 9.8
2017-10-27 CVE-2017-15933 SQL Injection vulnerability in Eyesofnetwork 5.10
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php.
Attack vector: network | Complexity: low | Vendor: eyesofnetwork | CWE-89 | Risk: 7.2
2017-10-26 CVE-2014-2023 SQL Injection vulnerability in Tapatalk
Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/.
Attack vector: network | Complexity: low | Vendor: tapatalk | CWE-89 | Risk: critical 9.8
2017-10-26 CVE-2017-15919 SQL Injection vulnerability in Accesspressthemes Ultimate-Form-Builder-Lite
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php.
Attack vector: network | Complexity: low | Vendor: accesspressthemes | CWE-89 | Risk: critical 9.8
2017-10-26 CVE-2017-15907 SQL Injection vulnerability in PHPcollab 2.5/2.5.1
SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php.
Attack vector: network | Complexity: low | Vendor: phpcollab | CWE-89 | Risk: critical 9.8
2017-10-24 CVE-2017-15880 SQL Injection vulnerability in Eyesofnetwork 5.10
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).
Attack vector: network | Complexity: low | Vendor: eyesofnetwork | CWE-89 | Risk: 7.2