Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2017-05-29 | CVE-2016-10378 | SQL Injection vulnerability in E107 2.1.1 | 7.2
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
network | low complexity | e107 | CWE-89

2017-05-26 | CVE-2017-7236 | SQL Injection vulnerability in Netapp Oncommand Unified Manager Core Package | 7.5
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | netapp | CWE-89

2017-05-22 | CVE-2016-4905 | SQL Injection vulnerability in Wp-Olivecart Olivecart and Olivecartpro | critical 9.8
SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | wp-olivecart | CWE-89

2017-05-18 | CVE-2017-6195 | SQL Injection vulnerability in Ipswitch Moveit DMZ and Moveit Transfer 2017 | critical 9.8
Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection.
network | low complexity | ipswitch | CWE-89

2017-05-17 | CVE-2017-8917 | SQL Injection vulnerability in Joomla Joomla! 3.7.0 | critical 9.8
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | joomla | CWE-89

2017-05-16 | CVE-2017-7952 | SQL Injection vulnerability in Infor Enterprise Asset Management 11.0Build201410 | 8.8
INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.
network | low complexity | infor | CWE-89

2017-05-10 | CVE-2017-7886 | SQL Injection vulnerability in Dolibarr Erp/Crm 4.0.4 | critical 9.8
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
network | low complexity | dolibarr | CWE-89

2017-05-09 | CVE-2017-5527 | SQL Injection vulnerability in Tibco products | 6.5
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.
network | low complexity | tibco | CWE-89

2017-05-05 | CVE-2017-8796 | SQL Injection vulnerability in Accellion File Transfer Appliance 80540/911200/911210 | critical 9.8
An issue was discovered on Accellion FTA devices before FTA_9_12_180.
network | low complexity | accellion | CWE-89

2017-05-05 | CVE-2017-8789 | SQL Injection vulnerability in Accellion File Transfer Appliance 80540/911200/911210 | critical 9.8
An issue was discovered on Accellion FTA devices before FTA_9_12_180.
network | low complexity | accellion | CWE-89