Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-05-10 | CVE-2013-3527 | SQL Injection vulnerability in Vanillaforums Vanilla: Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest. | 7.5 |
2013-05-10 | CVE-2013-3524 | SQL Injection vulnerability in Simpilotgroup POP UP News 2.0: SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. | 7.5 |
2013-05-10 | CVE-2013-3523 | SQL Injection vulnerability in Gajennings This: SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to op=page&id= in the URL. | 7.5 |
2013-05-10 | CVE-2013-3522 | SQL Injection vulnerability in Vbulletin 5.0.0: SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter. | 6.5 |
2013-05-09 | CVE-2013-0684 | SQL Injection vulnerability in Invensys Wonderware Information Server 4.0/4.5/5.0: SQL injection vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-05-08 | CVE-2013-3510 | SQL Injection vulnerability in Gwos Groundwork Monitor 6.7.0: Multiple SQL injection vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote authenticated users to execute arbitrary SQL commands via (1) nedi/html/System-Export.php, (2) nedi/html/Devices-List.php, or (3) the Noma component. | 6.5 |
2013-05-01 | CVE-2013-0140 | SQL Injection vulnerability in Mcafee Epolicy Orchestrator: SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel. | 7.9 |
2013-04-18 | CVE-2013-1177 | SQL Injection vulnerability in Cisco Network Admission Control Manager and Server System Software: SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095. | 7.5 |
2013-04-18 | CVE-2013-1748 | SQL Injection vulnerability in Chatelao PHP Address Book 8.2.5: Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. | 7.5 |
2013-04-12 | CVE-2013-3050 | SQL Injection vulnerability in Zapms 1.33/1.40: SQL injection vulnerability in ZAPms 1.41 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter to product. | 7.5 |