Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-08-14 | CVE-2012-0939 | SQL Injection vulnerability in Testlink 1.8.5B/1.9.3 | Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the req_spec_id parameter to (1) reqSpecAnalyse.php, (2) reqSpecPrint.php, or (3) reqSpecView.php in requirements/. | 6.5 |
2014-08-14 | CVE-2012-0938 | SQL Injection vulnerability in Testlink 1.8.5B/1.9.3 | Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter in the display_children function to (1) getrequirementnodes.php or (2) gettprojectnodes.php in lib/ajax/; the (3) cfield_id parameter in an edit action to lib/cfields/cfieldsEdit.php; the (4) id parameter in an edit action or (5) plan_id parameter in a create action to lib/plan/planMilestonesEdit.php; or the req_spec_id parameter to (6) reqImport.php or (7) in a create action to reqEdit.php in lib/requirements/. | 6.5 |
2014-08-12 | CVE-2014-3339 | SQL Injection vulnerability in Cisco products | Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290. | 6.5 |
2014-08-12 | CVE-2014-5201 | SQL Injection vulnerability in Gallery Objects Project Gallery Objects 0.4 | SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php. | 7.5 |
2014-08-12 | CVE-2014-5200 | SQL Injection vulnerability in FB Gorilla Project FB Gorilla | SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2014-08-12 | CVE-2011-2944 | SQL Injection vulnerability in Megalab the Uploader 2.0.4 | SQL injection vulnerability in login.php in MegaLab The Uploader before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2014-08-11 | CVE-2014-3336 | SQL Injection vulnerability in Cisco Unity Connection 9.1(1)/9.1(2) | SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016. | 6.5 |
2014-08-07 | CVE-2014-5192 | SQL Injection vulnerability in Sphider 1.3.6 | SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter. | 7.5 |
2014-08-07 | CVE-2014-5189 | SQL Injection vulnerability in Leadoctopus Lead Octopus | SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2014-08-07 | CVE-2014-3773 | SQL Injection vulnerability in Teampass | Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/. | 7.5 |