Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-10-20 | CVE-2017-2133 | SQL Injection vulnerability in Panasonic Kx-Hjb1000 Firmware Ghx1Yg14.50/Hjb10004.47 | SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 8.8 |
2017-10-18 | CVE-2015-5376 | SQL Injection vulnerability in Gsi-Office Winpat Portal 3.2.0.1001/3.6.1.0 | SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field. | 9.8 |
2017-10-18 | CVE-2015-7714 | SQL Injection vulnerability in Realtyna Property Listing 8.9/8.9.2 | Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field action, (4) css, (5) tip, (6) cat_id, (7) text_search, (8) plisting, or (9) pwizard parameter to administrator/index.php. | 7.2 |
2017-10-18 | CVE-2017-15579 | SQL Injection vulnerability in PHPsugar PHP Melody | In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php. | 9.8 |
2017-10-18 | CVE-2017-15578 | SQL Injection vulnerability in PHPsugar PHP Melody | In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php. | 8.8 |
2017-10-17 | CVE-2017-15539 | SQL Injection vulnerability in Zorovavi/Blog Project Zorovavi/Blog 20171017 | SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php. | 9.8 |
2017-10-16 | CVE-2014-8621 | SQL Injection vulnerability in Store Locator Project Store Locator 2.3/3.11 | SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php. | 9.8 |
2017-10-16 | CVE-2017-15373 | SQL Injection vulnerability in Softwarepublico E-Sic 1.0 | E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area). | 9.8 |
2017-10-06 | CVE-2015-2147 | SQL Injection vulnerability in PHPbugtracker Project PHPbugtracker | Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | 9.8 |
2017-10-06 | CVE-2015-2146 | SQL Injection vulnerability in PHPbugtracker Project PHPbugtracker | Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php. | 9.8 |