Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-12-30 | CVE-2015-7784 | SQL Injection vulnerability in Bokublock Bbadminviewscontrol and Bbadminviewscontrol213 SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 4.0 |
2015-12-29 | CVE-2015-7791 | SQL Injection vulnerability in Collne Welcart Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter. | 6.5 |
2015-12-27 | CVE-2015-6537 | SQL Injection vulnerability in Epiphanyhealthdata Cardio Server 3.3 SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL. | 7.5 |
2015-12-27 | CVE-2015-6004 | SQL Injection vulnerability in Ipswitch Whatsup Gold Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter. | 6.5 |
2015-12-17 | CVE-2015-8369 | SQL Injection vulnerability in Cacti SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. | 7.5 |
2015-12-15 | CVE-2015-8377 | SQL Injection vulnerability in Cacti SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action. | 6.5 |
2015-11-09 | CVE-2015-2213 | SQL Injection vulnerability in Wordpress SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash. | 7.5 |
2015-11-08 | CVE-2015-1989 | SQL Injection vulnerability in IBM Security Qradar Incident Forensics SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-11-02 | CVE-2015-5308 | SQL Injection vulnerability in Wp-Championship Project Wp-Championship 5.8 Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter. | 7.5 |
2015-10-30 | CVE-2015-6350 | SQL Injection vulnerability in Cisco Prime Service Catalog 11.0Base SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843. | 6.5 |