Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-12-31 | CVE-2014-9254 | SQL Injection vulnerability in Minibb 3.1 bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php. | 7.5 |
2014-12-24 | CVE-2014-8810 | SQL Injection vulnerability in Wpsymposiumpro WP Symposium SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter in a getMailMessage action. | 6.5 |
2014-12-23 | CVE-2014-9115 | SQL Injection vulnerability in Piwigo SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a comparison of a non-numeric value that begins with a digit. | 7.5 |
2014-12-19 | CVE-2014-9258 | SQL Injection vulnerability in Glpi-Project Glpi SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter. | 6.5 |
2014-12-18 | CVE-2014-6080 | SQL Injection vulnerability in IBM products SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2014-12-16 | CVE-2014-8248 | SQL Injection vulnerability in Broadcom Release Automation 4.7.1 SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query. | 6.5 |
2014-12-16 | CVE-2014-9057 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2014-12-16 | CVE-2014-8340 | SQL Injection vulnerability in Zoneo-Soft PHPtraffica 2.2.1 SQL injection vulnerability in Php/Functions/log_function.php in phpTrafficA 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via a User-Agent HTTP header. | 7.5 |
2014-12-15 | CVE-2014-8507 | SQL Injection vulnerability in Google Android Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135. | 7.5 |
2014-12-08 | CVE-2014-9348 | SQL Injection vulnerability in Robotstats 1.0 SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php. | 7.5 |