Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-17 | CVE-2017-5344 | SQL Injection vulnerability in Dotcms An issue was discovered in dotCMS through 3.6.1. | 9.8 |
| 2017-02-17 | CVE-2016-6233 | SQL Injection vulnerability in multiple products The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. | 9.8 |
| 2017-02-17 | CVE-2016-4861 | SQL Injection vulnerability in multiple products The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. | 9.8 |
| 2017-02-17 | CVE-2016-10134 | SQL Injection vulnerability in Zabbix SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. | 9.8 |
| 2017-02-15 | CVE-2016-3694 | SQL Injection vulnerability in Modified Ecommerce Shopsoftware 2.0.0.0 Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php. | 9.8 |
| 2017-02-13 | CVE-2017-5154 | SQL Injection vulnerability in Advantech Webaccess 8.1 An issue was discovered in Advantech WebAccess Version 8.1. | 9.8 |
| 2017-02-13 | CVE-2017-5151 | SQL Injection vulnerability in Panasonic Video Insight web Client 6.3.5.11 An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. | 7.3 |
| 2017-02-13 | CVE-2016-9333 | SQL Injection vulnerability in Moxa Softcms An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. | 9.8 |
| 2017-02-13 | CVE-2016-8341 | SQL Injection vulnerability in Ecava Integraxor 5.0.413.0 An issue was discovered in Ecava IntegraXor Version 5.0.413.0. | 9.8 |
| 2017-02-07 | CVE-2016-7400 | SQL Injection vulnerability in Exponentcms Exponent CMS Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action. | 9.8 |