Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-10-29 | CVE-2015-7858 | SQL Injection vulnerability in Joomla Joomla! SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. | 7.5 |
2015-10-29 | CVE-2015-7857 | SQL Injection vulnerability in Joomla Joomla! SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php. | 7.5 |
2015-10-29 | CVE-2015-7297 | SQL Injection vulnerability in Joomla Joomla! SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. | 7.5 |
2015-10-29 | CVE-2015-5668 | SQL Injection vulnerability in Techno Project Japan Enisys GW SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2015-10-28 | CVE-2015-7903 | SQL Injection vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0 SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-10-28 | CVE-2015-6486 | SQL Injection vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-10-21 | CVE-2015-7299 | SQL Injection vulnerability in Nintex K2 Blackpearl, K2 for Sharepoint and K2 Smartforms SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter. | 7.5 |
2015-10-21 | CVE-2015-7876 | SQL Injection vulnerability in Drupal 7 Driver FOR SQL Server and SQL Azure Project Drupal 7 Driver FOR SQL Server and SQL Azure The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the db_like function. | 7.5 |
2015-10-16 | CVE-2015-7682 | SQL Injection vulnerability in Genetechsolutions PIE Register Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the (1) select_invitaion_code_bulk_option or (2) invi_del_id parameter in the pie-invitation-codes page to wp-admin/admin.php. | 6.5 |
2015-10-15 | CVE-2015-7727 | SQL Injection vulnerability in SAP Hana 1.00.73.00.389160 Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898. | 6.5 |