Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-11 | CVE-2016-9283 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0 SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue. | 5.0 |
| 2016-11-11 | CVE-2016-9282 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0 SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter. | 5.0 |
| 2016-11-11 | CVE-2016-9272 | SQL Injection vulnerability in Exponentcms Exponent CMS A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. | 6.4 |
| 2016-11-07 | CVE-2016-9242 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0 Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter. | 6.5 |
| 2016-11-03 | CVE-2016-6453 | SQL Injection vulnerability in Cisco Identity Services Engine 1.3(0.876) A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. | 4.9 |
| 2016-11-03 | CVE-2016-7453 | SQL Injection vulnerability in Exponentcms Exponent CMS The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection. | 7.5 |
| 2016-10-28 | CVE-2016-8582 | SQL Injection vulnerability in Alienvault products A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE. | 7.5 |
| 2016-10-28 | CVE-2016-7919 | SQL Injection vulnerability in Moodle 3.1.2 Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. | 7.5 |
| 2016-10-27 | CVE-2016-6443 | SQL Injection vulnerability in Cisco products A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. | 6.5 |
| 2016-10-27 | CVE-2016-1000122 | SQL Injection vulnerability in Huge-It Slider 1.0.9 XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | 6.5 |