Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR / COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2013-08-14 | CVE-2013-4879 | SQL Injection vulnerability in Bigtreecms Bigtree CMS 4.0 | SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. | network, low complexity | bigtreecms | CWE-89 | 7.5 |
| 2013-08-09 | CVE-2013-4789 | SQL Injection vulnerability in Cotonti Siena | SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php. | network, low complexity | cotonti | CWE-89 | 7.5 |
| 2013-08-09 | CVE-2013-4619 | SQL Injection vulnerability in Open-Emr Openemr 4.1.1 | Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) start or (2) end parameter to interface/reports/custom_report_range.php, or the (3) form_newid parameter to custom/chart_tracker.php. | network, low complexity | open-emr | CWE-89 | 6.5 |
| 2013-08-01 | CVE-2013-1617 | SQL Injection vulnerability in Symantec products | Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. | | | | 7.4 |
| 2013-07-31 | CVE-2013-5003 | SQL Injection vulnerability in PHPmyadmin | Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php. | network, low complexity | phpmyadmin | CWE-89 | 6.5 |
| 2013-07-29 | CVE-2013-4953 | SQL Injection vulnerability in Topgames TOP Games Script 1.2 | SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter. | network, low complexity | topgames | CWE-89 | 7.5 |
| 2013-07-29 | CVE-2013-4952 | SQL Injection vulnerability in Elemata CMS 3.0 | SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | network, low complexity | elemata | CWE-89 | 7.5 |
| 2013-07-29 | CVE-2013-4948 | SQL Injection vulnerability in Machform 2.0 | SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter. | network, low complexity | machform | CWE-89 | 7.5 |
| 2013-07-29 | CVE-2013-4945 | SQL Injection vulnerability in BMC Service Desk Express 10.2.1.95 | Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the (6) UID parameter to login.aspx. | network, low complexity | bmc | CWE-89 | 7.5 |
| 2013-07-29 | CVE-2013-3033 | SQL Injection vulnerability in IBM Tivoli Remote Control 5.1.2 | SQL injection vulnerability in the server component in IBM Tivoli Remote Control 5.1.2 before 5.1.2-TIV-TRC512-IF0015 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | network, low complexity | ibm | CWE-89 | 6.5 |