Security Vulnerabilities, CVEs, Published In December 2015 (Sql injection)
SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action.
Max CVSS
6.5
EPSS Score
0.12%
Published
2015-12-15
Updated
2016-12-07
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.
Max CVSS
7.5
EPSS Score
1.39%
Published
2015-12-17
Updated
2016-12-07
Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter.
Max CVSS
6.5
EPSS Score
0.20%
Published
2015-12-29
Updated
2021-06-24
SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.14%
Published
2015-12-30
Updated
2015-12-30
SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL.
Max CVSS
9.8
EPSS Score
0.13%
Published
2015-12-27
Updated
2015-12-28
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.
Max CVSS
6.5
EPSS Score
0.31%
Published
2015-12-27
Updated
2016-12-06
6 vulnerabilities found