Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-3046 | SQL Injection vulnerability in IBM products IBM Security Access Manager for Web is vulnerable to SQL injection. | 4.0 |
| 2017-01-31 | CVE-2016-9416 | SQL Injection vulnerability in Mybb Merge System and Mybb SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2017-01-31 | CVE-2016-9402 | SQL Injection vulnerability in Mybb Merge System and Mybb SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2017-01-31 | CVE-2015-8974 | SQL Injection vulnerability in Mybb Merge System and Mybb SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2017-01-30 | CVE-2017-5611 | SQL Injection vulnerability in multiple products SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. | 7.5 |
| 2017-01-28 | CVE-2017-5609 | SQL Injection vulnerability in S9Y Serendipity 2.0.5 SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter. | 6.5 |
| 2017-01-27 | CVE-2017-5598 | SQL Injection vulnerability in Eclinicalworks Patient Portal 8.0 An issue was discovered in eClinicalWorks healow@work 8.0 build 8. | 5.0 |
| 2017-01-23 | CVE-2016-5742 | SQL Injection vulnerability in Sixapart Movable Type and Movable Type Open Source SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2017-01-23 | CVE-2016-4338 | SQL Injection vulnerability in Zabbix The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter. | 6.8 |
| 2017-01-23 | CVE-2016-0769 | SQL Injection vulnerability in Elfden Eshop Plugin 6.3.14 Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter. | 6.5 |