Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-06-19 | CVE-2015-4678 | SQL Injection vulnerability in Persian CAR CMS Project Persian CAR CMS 1.0 SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI. | 7.5 |
2015-06-19 | CVE-2015-4676 | SQL Injection vulnerability in Aftab Tickfa 1.0.1 SQL injection vulnerability in ticket.php in TickFa 1.x allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a read action. | 6.5 |
2015-06-18 | CVE-2015-4658 | SQL Injection vulnerability in Milw0Rm Project Milw0Rm Clone Script 1.0 Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd parameter. | 7.5 |
2015-06-18 | CVE-2015-4654 | SQL Injection vulnerability in Joomla Joomla! SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent. | 7.5 |
2015-06-18 | CVE-2015-4628 | SQL Injection vulnerability in Limesurvey SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter. | 6.5 |
2015-06-17 | CVE-2015-4454 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php. | 7.5 |
2015-06-17 | CVE-2015-4342 | SQL Injection vulnerability in multiple products SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id. | 7.5 |
2015-06-17 | CVE-2015-2803 | SQL Injection vulnerability in Akronymmanager Project Akronymmanager SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter. | 6.0 |
2015-06-17 | CVE-2015-4188 | SQL Injection vulnerability in Cisco Prime Collaboration 10.5(1) SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104. | 5.0 |
2015-06-16 | CVE-2015-4613 | SQL Injection vulnerability in Developer LOG Project Developer LOG 2.11.3 SQL injection vulnerability in the backend module in the Developer Log (devlog) extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors. | 6.5 |