Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-07-18 CVE-2017-11415 SQL Injection vulnerability in Fiyo CMS 2.0.7
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level'].
network
low complexity
fiyo CWE-89
critical
 9.8
9.8
2017-07-18 CVE-2017-11414 SQL Injection vulnerability in Fiyo CMS 2.0.7
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id'].
network
low complexity
fiyo CWE-89
critical
 9.8
9.8
2017-07-18 CVE-2017-11413 SQL Injection vulnerability in Fiyo CMS 2.0.7
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id'].
network
low complexity
fiyo CWE-89
critical
 9.8
9.8
2017-07-18 CVE-2017-11412 SQL Injection vulnerability in Fiyo CMS 2.0.7
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id'].
network
low complexity
fiyo CWE-89
critical
 9.8
9.8
2017-07-17 CVE-2017-7681 SQL Injection vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection.
network
low complexity
apache CWE-89
8.8
8.8
2017-07-17 CVE-2017-2241 SQL Injection vulnerability in Hammock Assetview 9.2
SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service".
network
low complexity
hammock CWE-89
6.3
6.3
2017-07-17 CVE-2017-1183 SQL Injection vulnerability in IBM Tivoli Monitoring 6.2.2.9/6.2.3.5/6.3.0.7
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used.
high complexity
ibm CWE-89
7.5
7.5
2017-07-17 CVE-2017-11354 SQL Injection vulnerability in Fiyo CMS 2.0.7
Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name.
network
low complexity
fiyo CWE-89
critical
 9.8
9.8
2017-07-17 CVE-2017-11329 SQL Injection vulnerability in Glpi-Project Glpi
GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers.
network
low complexity
glpi-project CWE-89
critical
 9.8
9.8
2017-07-17 CVE-2017-1000067 SQL Injection vulnerability in Modx Revolution
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges.
network
low complexity
modx CWE-89
8.8
8.8