Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2015-08-18 | CVE-2015-6516 | SQL Injection vulnerability in Cygnux Syspass | SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php. | 6.5 |
2015-08-18 | CVE-2015-6513 | SQL Injection vulnerability in J2Store | Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_ids[] parameter to index.php. | 7.5 |
2015-08-18 | CVE-2015-6512 | SQL Injection vulnerability in Codelogic Freichat 9.6 | SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to server/freichat.php. | 5.0 |
2015-08-18 | CVE-2015-5599 | SQL Injection vulnerability in Powerplay Gallery Project Powerplay Gallery 3.3 | Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter. | 7.5 |
2015-08-11 | CVE-2015-4634 | SQL Injection vulnerability in Cacti | SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. | 7.5 |
2015-08-01 | CVE-2015-1491 | SQL Injection vulnerability in Symantec Endpoint Protection Manager 12.1.0 | SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.0 |
2015-07-19 | CVE-2015-2972 | SQL Injection vulnerability in Sysphonic Thetis 2.1.0/2.2.0 | Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2015-07-14 | CVE-2015-1560 | SQL Injection vulnerability in Centreon | SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php. | 7.5 |
2015-07-08 | CVE-2015-4614 | SQL Injection vulnerability in Easy2Map Project Easy2Map | Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.php and other unspecified vectors. | 7.5 |
2015-07-08 | CVE-2015-5459 | SQL Injection vulnerability in Zohocorp Manageengine Password Manager PRO | SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc. | 6.5 |