Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-06 | CVE-2015-2147 | SQL Injection vulnerability in PHPbugtracker Project PHPbugtracker Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | 9.8 |
| 2017-10-06 | CVE-2015-2146 | SQL Injection vulnerability in PHPbugtracker Project PHPbugtracker Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php. | 9.8 |
| 2017-10-06 | CVE-2017-13068 | SQL Injection vulnerability in Qnap QTS Helpdesk 1.1.12 QNAP has already patched this vulnerability. | 7.5 |
| 2017-10-05 | CVE-2017-1000120 | SQL Injection vulnerability in Frappe [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. | 8.8 |
| 2017-10-03 | CVE-2017-6089 | SQL Injection vulnerability in PHPcollab 2.5/2.5.1 SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php. | 9.8 |
| 2017-10-03 | CVE-2017-14848 | SQL Injection vulnerability in Dasinfomedia Wphrm Human Resource Management System 1.0 WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter. | 8.8 |
| 2017-10-03 | CVE-2017-14758 | SQL Injection vulnerability in Opentext Document Sciences Xpression 4.5 OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. | 8.8 |
| 2017-10-03 | CVE-2017-14757 | SQL Injection vulnerability in Opentext Document Sciences Xpression 4.5 OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. | 8.8 |
| 2017-10-03 | CVE-2017-1311 | SQL Injection vulnerability in IBM Insights Foundation for Energy 2.0 IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. | 8.8 |
| 2017-09-30 | CVE-2017-14738 | SQL Injection vulnerability in Filerun 2017.09.18 FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function). | 9.8 |