Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2015-01-02 | CVE-2014-9457 | SQL Injection vulnerability in PMB Services PMB 4.1.3 | SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php. | 6.5 |
2015-01-02 | CVE-2014-9455 | SQL Injection vulnerability in CTS Projects&Software Classad 3.0 | SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2015-01-02 | CVE-2014-9450 | SQL Injection vulnerability in Zabbix | Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter. | 7.5 |
2015-01-02 | CVE-2014-9445 | SQL Injection vulnerability in Installatron Gatequest File Manager 0.2.5 | SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. | 7.5 |
2015-01-02 | CVE-2014-9442 | SQL Injection vulnerability in Reality66 Cart66 Lite 1.5.3 | SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php. | 6.5 |
2015-01-02 | CVE-2014-9440 | SQL Injection vulnerability in PHPmyrecipes Project PHPmyrecipes 1.2.2 | SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter. | 7.5 |
2015-01-02 | CVE-2014-9435 | SQL Injection vulnerability in Absolutengine Absolut Engine 1.73 | Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to admin/managerrelated.php. | 6.5 |
2015-01-01 | CVE-2011-5313 | SQL Injection vulnerability in Redaxscript 0.3.2 | Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program. | 7.5 |
2015-01-01 | CVE-2011-5308 | SQL Injection vulnerability in Cdnvote Project Cdnvote 0.4.1 | Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2) cdnvote_point parameter. | 7.5 |
2015-01-01 | CVE-2011-5286 | SQL Injection vulnerability in Social Slider Project Social Slider 7.4.0 | SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter. | 7.5 |