Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-02-17 CVE-2016-10134 SQL Injection vulnerability in Zabbix
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
network
low complexity
zabbix CWE-89
critical
 9.8
9.8
2017-02-15 CVE-2016-3694 SQL Injection vulnerability in Modified Ecommerce Shopsoftware 2.0.0.0
Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php.
network
low complexity
modified CWE-89
critical
 9.8
9.8
2017-02-13 CVE-2017-5154 SQL Injection vulnerability in Advantech Webaccess 8.1
An issue was discovered in Advantech WebAccess Version 8.1.
network
low complexity
advantech CWE-89
critical
 9.8
9.8
2017-02-13 CVE-2017-5151 SQL Injection vulnerability in Panasonic Video Insight web Client 6.3.5.11
An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions.
network
low complexity
panasonic CWE-89
7.3
7.3
2017-02-13 CVE-2016-9333 SQL Injection vulnerability in Moxa Softcms
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6.
network
low complexity
moxa CWE-89
critical
 9.8
9.8
2017-02-13 CVE-2016-8341 SQL Injection vulnerability in Ecava Integraxor 5.0.413.0
An issue was discovered in Ecava IntegraXor Version 5.0.413.0.
network
low complexity
ecava CWE-89
critical
 9.8
9.8
2017-02-07 CVE-2016-7400 SQL Injection vulnerability in Exponentcms Exponent CMS
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action.
network
low complexity
exponentcms CWE-89
critical
 9.8
9.8
2017-02-06 CVE-2017-5879 SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.1
An issue was discovered in Exponent CMS 2.4.1.
network
low complexity
exponentcms CWE-89
critical
 9.8
9.8
2017-02-02 CVE-2017-5218 SQL Injection vulnerability in Sagecrm
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3.
network
low complexity
sagecrm CWE-89
8.8
8.8
2017-02-01 CVE-2016-8930 SQL Injection vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.6
7.6