Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-07-20 CVE-2017-11475 SQL Injection vulnerability in Glpi-Project Glpi
GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php.
network
low complexity
glpi-project CWE-89
8.8
8.8
2017-07-20 CVE-2017-11474 SQL Injection vulnerability in Glpi-Project Glpi
GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php.
network
low complexity
glpi-project CWE-89
critical
 9.8
9.8
2017-07-20 CVE-2017-11471 SQL Injection vulnerability in Idera Uptime Infrastructure Monitor 7.8
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
network
low complexity
idera CWE-89
critical
 9.8
9.8
2017-07-20 CVE-2017-11470 SQL Injection vulnerability in Idera Uptime Infrastructure Monitor 7.8
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter.
network
low complexity
idera CWE-89
critical
 9.8
9.8
2017-07-19 CVE-2017-11445 SQL Injection vulnerability in Intelliants Subrion CMS
Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array.
network
low complexity
intelliants CWE-89
critical
 9.8
9.8
2017-07-19 CVE-2017-11444 SQL Injection vulnerability in Intelliants Subrion CMS
Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
network
low complexity
intelliants CWE-89
critical
 9.8
9.8
2017-07-18 CVE-2017-11419 SQL Injection vulnerability in Fiyo CMS 2.0.7
Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title'].
network
low complexity
fiyo CWE-89
critical
 9.8
9.8
2017-07-18 CVE-2017-11418 SQL Injection vulnerability in Fiyo CMS 2.0.7
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i].
network
low complexity
fiyo CWE-89
critical
 9.8
9.8
2017-07-18 CVE-2017-11417 SQL Injection vulnerability in Fiyo CMS 2.0.7
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id'].
network
low complexity
fiyo CWE-89
critical
 9.8
9.8
2017-07-18 CVE-2017-11416 SQL Injection vulnerability in Fiyo CMS 2.0.7
Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter.
network
low complexity
fiyo CWE-89
critical
 9.8
9.8