Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2015-01-13 | CVE-2014-10004 | SQL Injection vulnerability in Maianscriptworld Maian Uploader 4.0 | 7.5
SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network | low complexity | maianscriptworld | CWE-89

2015-01-13 | CVE-2014-100003 | SQL Injection vulnerability in Yourmembers Project Yourmembers | 7.5
SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI.
network | low complexity | yourmembers-project | CWE-89

2015-01-12 | CVE-2014-2839 | SQL Injection vulnerability in Dev4Press GD Star Rating 19.22 | 7.5
SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php.
network | low complexity | dev4press | CWE-89

2015-01-08 | CVE-2015-0919 | SQL Injection vulnerability in Sefrengo 1.6.0 | 7.5
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.
network | low complexity | sefrengo | CWE-89

2015-01-08 | CVE-2012-5853 | SQL Injection vulnerability in Ajax Search Project Ajax Search 1.0/1.1/1.2 | 7.5
SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php.
network | low complexity | ajax-search-project | CWE-89

2015-01-06 | CVE-2014-9528 | SQL Injection vulnerability in Humhub 0.10.0 | 7.5
SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php.
network | low complexity | humhub | CWE-89

2015-01-05 | CVE-2014-9520 | SQL Injection vulnerability in Infinitewp 2.4.2/2.4.3 | 7.5
SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter.
network | low complexity | infinitewp | CWE-89

2015-01-05 | CVE-2014-9519 | SQL Injection vulnerability in Infinitewp 2.4.2 | 7.5
SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter.
network | low complexity | infinitewp | CWE-89

2015-01-05 | CVE-2014-8083 | SQL Injection vulnerability in Osclass | 7.5
SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action.
network | low complexity | osclass | CWE-89

2015-01-03 | CVE-2014-9464 | SQL Injection vulnerability in Microweber | 7.5
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
network | low complexity | microweber | CWE-89