Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-09-07 CVE-2015-3313 SQL Injection vulnerability in Community Events Project Community Events
SQL injection vulnerability in WordPress Community Events plugin before 1.4.
network
low complexity
community-events-project CWE-89
critical
9.8
2017-09-07 CVE-2017-9834 SQL Injection vulnerability in Calendarscripts Watupro
SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php.
network
low complexity
calendarscripts CWE-89
critical
9.8
2017-09-05 CVE-2017-14145 SQL Injection vulnerability in Helpdezk 1.1.1
HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function.
network
low complexity
helpdezk CWE-89
critical
9.8
2017-08-31 CVE-2016-10509 SQL Injection vulnerability in Opencart
SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php.
network
low complexity
opencart CWE-89
7.2
2017-08-31 CVE-2017-14076 SQL Injection vulnerability in Nexusphp 1.5
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action.
network
low complexity
nexusphp CWE-89
critical
9.8
2017-08-31 CVE-2017-14069 SQL Injection vulnerability in Nexusphp 1.5
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.
network
low complexity
nexusphp CWE-89
critical
9.8
2017-08-30 CVE-2017-12710 SQL Injection vulnerability in Advantech Webaccess
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817.
network
low complexity
advantech CWE-89
7.5
2017-08-29 CVE-2015-8334 SQL Injection vulnerability in Huawei Vcn500 Firmware V100R002C00Spc200/V100R002C00Spc200B010
SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.
network
low complexity
huawei CWE-89
8.8
2017-08-29 CVE-2015-7517 SQL Injection vulnerability in Labwebdesigns Double Opt-In for Download
Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/.
network
low complexity
labwebdesigns CWE-89
critical
9.8
2017-08-29 CVE-2017-10842 SQL Injection vulnerability in Basercms
SQL injection vulnerability in baserCMS 3.0.14 and earlier and 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
basercms CWE-89
critical
9.8