Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2015-06-16 | CVE-2015-4612 | SQL Injection vulnerability in Faq-Frequenty Asked Questions Project Faq-Frequently Asked Questions 1.2.0 | SQL injection vulnerability in the "FAQ - Frequently Asked Questions" (js_faq) extension before 1.2.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-06-16 | CVE-2015-4611 | SQL Injection vulnerability in Smoelenboek Project Smoelenboek 1.0.8 | SQL injection vulnerability in the Smoelenboek (ncgov_smoelenboek) extension before 1.0.9 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-06-16 | CVE-2015-4610 | SQL Injection vulnerability in Store Locator Project Store Locator 3.3.0 | SQL injection vulnerability in the Store Locator (locator) extension before 3.3.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-06-16 | CVE-2015-4609 | SQL Injection vulnerability in WT Directory Project WT Directory 1.4.1 | SQL injection vulnerability in the wt_directory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-06-15 | CVE-2015-4118 | SQL Injection vulnerability in Ispconfig 3.0.5.4 | SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. | 6.5 |
2015-06-15 | CVE-2015-4348 | SQL Injection vulnerability in Spider Contacts Project Spider Contacts | SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the "access Spider Contacts category administration" permission to execute arbitrary SQL commands via unspecified vectors. | 6.0 |
2015-06-13 | CVE-2015-3993 | SQL Injection vulnerability in Actian Matrix 5.1.1/5.1.2/5.2.0 | Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table. | 6.5 |
2015-06-13 | CVE-2015-2956 | SQL Injection vulnerability in Igreks products | SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2015-06-09 | CVE-2015-4109 | SQL Injection vulnerability in Usersultra | Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv_rating_vote) action to wp-admin/admin-ajax.php. | 7.5 |
2015-06-08 | CVE-2015-2999 | SQL Injection vulnerability in Sysaid | Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report or an (3) ActiveRequests report to /genericreport, (4) dir parameter to HelpDesk.jsp, or (5) grantSQL parameter to RFCGantt.jsp. | 6.5 |