Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-10-31 CVE-2017-15984 SQL Injection vulnerability in Bekirk Creative Management System Lite 1.4
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.
network
low complexity
bekirk CWE-89
critical
 9.8
9.8
2017-10-31 CVE-2017-15983 SQL Injection vulnerability in Geniusocean Mymagazine Magazine & Blog CMS 1.0
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
network
low complexity
geniusocean CWE-89
critical
 9.8
9.8
2017-10-31 CVE-2017-15982 SQL Injection vulnerability in Geniusocean News 1.0
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
network
low complexity
geniusocean CWE-89
critical
 9.8
9.8
2017-10-31 CVE-2017-15981 SQL Injection vulnerability in Geniusocean Newspaper 1.0
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
network
low complexity
geniusocean CWE-89
critical
 9.8
9.8
2017-10-31 CVE-2017-15980 SQL Injection vulnerability in Rowindex US ZIP Codes Database Script 1.0
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.
network
low complexity
rowindex CWE-89
critical
 9.8
9.8
2017-10-31 CVE-2017-15979 SQL Injection vulnerability in Odallated Shareet 1.0
Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.
network
low complexity
odallated CWE-89
critical
 9.8
9.8
2017-10-31 CVE-2017-15978 SQL Injection vulnerability in Arox School ERP PHP Script 1.0
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
network
low complexity
arox CWE-89
critical
 9.8
9.8
2017-10-31 CVE-2017-15977 SQL Injection vulnerability in Protectedlinks Expiring Download Links 1.0
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
network
low complexity
protectedlinks CWE-89
critical
 9.8
9.8
2017-10-29 CVE-2017-16000 SQL Injection vulnerability in Eyesofnetwork 5.10
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php.
network
low complexity
eyesofnetwork CWE-89
7.2
7.2
2017-10-29 CVE-2017-15976 SQL Injection vulnerability in Zeescripts Zeebuddy 2X
ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.
network
low complexity
zeescripts CWE-89
critical
 9.8
9.8