Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-08-18 CVE-2017-12946 SQL Injection vulnerability in Easymodal Project Easy Modal
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
network
low complexity
easymodal-project CWE-89
7.2
7.2
2017-08-18 CVE-2017-12776 SQL Injection vulnerability in Nexusphp Project Nexusphp 1.5
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter.
network
low complexity
nexusphp-project CWE-89
critical
 9.8
9.8
2017-08-17 CVE-2017-12910 SQL Injection vulnerability in Nexusphp Project Nexusphp 1.5
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter.
network
low complexity
nexusphp-project CWE-89
critical
 9.8
9.8
2017-08-17 CVE-2017-12909 SQL Injection vulnerability in Nexusphp Project Nexusphp 1.5
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
network
low complexity
nexusphp-project CWE-89
critical
 9.8
9.8
2017-08-17 CVE-2017-12908 SQL Injection vulnerability in Nexusphp Project Nexusphp 1.5
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.
network
low complexity
nexusphp-project CWE-89
critical
 9.8
9.8
2017-08-11 CVE-2015-3616 SQL Injection vulnerability in Fortinet Fortimanager Firmware
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
network
low complexity
fortinet CWE-89
critical
 9.8
9.8
2017-08-10 CVE-2017-1174 SQL Injection vulnerability in IBM Sterling B2B Integrator 5.2
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
8.8
2017-08-09 CVE-2017-12774 SQL Injection vulnerability in Finecms Project Finecms 1.9.5
finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database
network
low complexity
finecms-project CWE-89
critical
 9.8
9.8
2017-08-09 CVE-2015-0782 SQL Injection vulnerability in Novell Zenworks Configuration Management
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
novell CWE-89
critical
 9.8
9.8
2017-08-09 CVE-2015-0780 SQL Injection vulnerability in Novell Zenworks Configuration Management
SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
novell CWE-89
critical
 9.8
9.8