Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE	CVE	VULNERABILITY TITLE	RISK
2017-07-17	CVE-2017-1000060	SQL Injection vulnerability in Eyesofnetwork 5.10 EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root network low complexity eyesofnetwork CWE-89 critical	9.8
2017-07-17	CVE-2017-1000031	SQL Injection vulnerability in Cacti 0.8.8B SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. network low complexity cacti CWE-89	8.8
2017-07-17	CVE-2017-1000004	SQL Injection vulnerability in Atutor ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution. network low complexity atutor CWE-89 critical	9.8
2017-07-13	CVE-2017-11200	SQL Injection vulnerability in Finecms Project Finecms SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter. network low complexity finecms-project CWE-89	8.8
2017-07-12	CVE-2017-11174	SQL Injection vulnerability in Xoops 2.5.8.1 In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses. network low complexity xoops CWE-89 critical	9.8
2017-07-09	CVE-2017-8002	SQL Injection vulnerability in EMC Data Protection Advisor EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. network low complexity emc CWE-89	8.8
2017-07-05	CVE-2017-1175	SQL Injection vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. network low complexity ibm CWE-89 critical	9.8
2017-07-05	CVE-2017-1269	SQL Injection vulnerability in IBM Security Guardium IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. network low complexity ibm CWE-89 critical	9.8
2017-07-04	CVE-2017-6698	SQL Injection vulnerability in Cisco Prime Infrastructure 2.0(4.0.45B)/3.1(1) A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. network low complexity cisco CWE-89	5.4
2017-06-29	CVE-2017-10682	SQL Injection vulnerability in Piwigo SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php. network low complexity piwigo CWE-89 critical	9.8