Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-09-11 | CVE-2015-6915 | SQL Injection vulnerability in Montala Resourcespace SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php. | 7.5 |
| 2015-09-11 | CVE-2015-6911 | SQL Injection vulnerability in Synology Video Station SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi. | 7.5 |
| 2015-09-11 | CVE-2015-6910 | SQL Injection vulnerability in Synology Video Station SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi. | 7.5 |
| 2015-09-04 | CVE-2015-6811 | SQL Injection vulnerability in Cyberoam Cyberoamos 10.6.2 SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml. | 7.5 |
| 2015-08-24 | CVE-2015-6659 | SQL Injection vulnerability in Drupal SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment. | 7.5 |
| 2015-08-19 | CVE-2015-6522 | SQL Injection vulnerability in Wpsymposium WP Symposium SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php. | 7.5 |
| 2015-08-18 | CVE-2015-6519 | SQL Injection vulnerability in Arabportal Arab Portal 3.0 SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php. | 7.5 |
| 2015-08-18 | CVE-2015-5504 | SQL Injection vulnerability in Novalnet Payment Module Ubercart- SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2015-08-18 | CVE-2015-4426 | SQL Injection vulnerability in Pimcore SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy. | 7.5 |
| 2015-08-18 | CVE-2015-6516 | SQL Injection vulnerability in Cygnux Syspass SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php. | 6.5 |