Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-09-11 CVE-2017-14247 SQL Injection vulnerability in Eyesofnetwork 5.10
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060.
network
low complexity
eyesofnetwork CWE-89
critical
 9.8
9.8
2017-09-11 CVE-2017-14242 SQL Injection vulnerability in Dolibarr 6.0.0
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2017-09-11 CVE-2017-14238 SQL Injection vulnerability in Dolibarr 6.0.0
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2017-09-09 CVE-2017-12731 SQL Injection vulnerability in Opwglobal products
A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1.
network
low complexity
opwglobal CWE-89
critical
 9.8
9.8
2017-09-08 CVE-2017-11161 SQL Injection vulnerability in Synology Photo Station
Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.
network
low complexity
synology CWE-89
critical
 9.8
9.8
2017-09-07 CVE-2017-12227 SQL Injection vulnerability in Cisco Emergency Responder
A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack.
network
low complexity
cisco CWE-89
5.4
5.4
2017-09-07 CVE-2015-5052 SQL Injection vulnerability in Sefrengo 1.2.0/1.6.5
SQL injection vulnerability in Sefrengo before 1.6.5 beta2.
network
low complexity
sefrengo CWE-89
critical
 9.8
9.8
2017-09-07 CVE-2015-4724 SQL Injection vulnerability in Concretecms Concrete CMS 5.7.3.1
SQL injection vulnerability in Concrete5 5.7.3.1.
network
low complexity
concretecms CWE-89
8.8
8.8
2017-09-07 CVE-2015-4627 SQL Injection vulnerability in Pragyan CMS Project Pragyan CMS 3.0
SQL injection vulnerability in Pragyan CMS 3.0.
network
low complexity
pragyan-cms-project CWE-89
critical
 9.8
9.8
2017-09-07 CVE-2015-3314 SQL Injection vulnerability in Tune Library Project Tune Library
SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5.
network
high complexity
tune-library-project CWE-89
8.1
8.1