Vulnerabilities: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE  CVE  VULNERABILITY TITLE  RISK

2016-12-11  CVE-2016-6619  SQL Injection vulnerability in phpMyAdmin  8.8
An issue was discovered in phpMyAdmin.
network, low complexity; phpmyadmin; CWE-89

2016-12-11  CVE-2016-6617  SQL Injection vulnerability in phpMyAdmin  8.1
An issue was discovered in phpMyAdmin.
network, high complexity; phpmyadmin; CWE-89

2016-12-11  CVE-2016-6616  SQL Injection vulnerability in phpMyAdmin  7.5
An issue was discovered in phpMyAdmin.
network, high complexity; phpmyadmin; CWE-89

2016-12-11  CVE-2016-6611  SQL Injection vulnerability in phpMyAdmin  8.1
An issue was discovered in phpMyAdmin.
network, high complexity; phpmyadmin; CWE-89

2016-11-30  CVE-2016-2873  SQL Injection vulnerability in IBM QRadar Security Information and Event Manager  8.8
SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network, low complexity; ibm; CWE-89

2016-11-30  CVE-2016-2950  SQL Injection vulnerability in IBM BigFix Remote Control 9.1.2  6.5
SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network, low complexity; ibm; CWE-89

2016-11-29  CVE-2016-9481  SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0  critical 9.8
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments.
network, low complexity; exponentcms; CWE-89

2016-11-15  CVE-2016-9287  SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0  critical 9.8
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults.
network, low complexity; exponentcms; CWE-89

2016-11-14  CVE-2016-8908  SQL Injection vulnerability in dotCMS  8.8
SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
network, low complexity; dotcms; CWE-89

2016-11-14  CVE-2016-8907  SQL Injection vulnerability in dotCMS  8.8
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
network, low complexity; dotcms; CWE-89