Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2014-08-06 | CVE-2014-5186 | SQL Injection vulnerability in ALL Video Gallery Plugin Project All-Video-Gallery 1.2 | 6.5
SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to wp-admin/admin.php.
network | low complexity | all-video-gallery-plugin-project | CWE-89

2014-08-06 | CVE-2014-5185 | SQL Injection vulnerability in Quartz Plugin Project Quartz Plugin 1.01.1 | 6.0
SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page to wp-admin/edit.php.

2014-08-06 | CVE-2014-5184 | SQL Injection vulnerability in Stripshow Plugin Project Stripshow 2.5.2 | 6.5
SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php.
network | low complexity | stripshow-plugin-project | CWE-89

2014-08-06 | CVE-2014-5183 | SQL Injection vulnerability in Simple Retail Menus Plugin Project Simple-Retail-Menus 4.0/4.0.1 | 6.5
SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php.

2014-08-06 | CVE-2014-5182 | SQL Injection vulnerability in Ostenta Yawpp 1.2 | 6.0
Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.
network | ostenta | CWE-89

2014-08-06 | CVE-2014-5180 | SQL Injection vulnerability in Hdwplayer Hdw-Player-Video-Player-Video-Gallery 2.4.2 | 6.5
SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php.
network | low complexity | hdwplayer | CWE-89

2014-08-06 | CVE-2014-5089 | SQL Injection vulnerability in Status2K | 7.5
SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter.
network | low complexity | status2k | CWE-89

2014-08-06 | CVE-2014-5082 | SQL Injection vulnerability in Sphider | 7.5
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.
network | low complexity | sphider | CWE-89

2014-07-29 | CVE-2014-3055 | SQL Injection vulnerability in IBM products | 7.5
SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | ibm | CWE-89

2014-07-28 | CVE-2014-5104 | SQL Injection vulnerability in Ol-Commerce Project Ol-Commerce 2.1.1 | 7.5
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.
network | low complexity | ol-commerce-project | CWE-89