Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-21 | CVE-2017-17823 | SQL Injection vulnerability in Piwigo 2.9.2 The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. | 4.9 |
| 2017-12-21 | CVE-2017-17822 | SQL Injection vulnerability in Piwigo 2.9.2 The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. | 4.9 |
| 2017-12-20 | CVE-2012-2576 | SQL Injection vulnerability in Solarwinds Backup Profiler, Storage Manager and Storage Profiler SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. | 9.8 |
| 2017-12-20 | CVE-2017-16735 | SQL Injection vulnerability in Ecava Integraxor A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. | 5.3 |
| 2017-12-20 | CVE-2017-16733 | SQL Injection vulnerability in Ecava Integraxor A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. | 5.3 |
| 2017-12-20 | CVE-2017-1757 | SQL Injection vulnerability in IBM Security Guardium IBM Security Guardium 10.0 is vulnerable to SQL injection. | 8.8 |
| 2017-12-20 | CVE-2017-17779 | SQL Injection vulnerability in Paid to Read Script Project Paid to Read Script 2.0.5 Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. | 9.8 |
| 2017-12-19 | CVE-2017-15875 | SQL Injection vulnerability in Sistemagpweb Gpweb 8.4.61 SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. | 9.8 |
| 2017-12-18 | CVE-2017-17721 | SQL Injection vulnerability in Zuuse Beims Contractorweb .Net 5.18.0.0 CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter. | 9.8 |
| 2017-12-18 | CVE-2017-17651 | SQL Injection vulnerability in Paid to Read Script Project Paid to Read Script 2.0.5 Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. | 9.8 |