Security Vulnerabilities, CVEs, Published In August 2015 (Sql injection) CVSS score >= 3

CVE-2015-6659

SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.
Max CVSS
7.5
EPSS Score
0.56%
Published
2015-08-24
Updated
2016-12-24

CVE-2015-6522

Public exploit
SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.
Max CVSS
7.5
EPSS Score
97.06%
Published
2015-08-19
Updated
2016-12-09

CVE-2015-6519

SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php.
Max CVSS
7.5
EPSS Score
0.13%
Published
2015-08-18
Updated
2015-08-20

CVE-2015-6516

SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php.
Max CVSS
6.5
EPSS Score
0.11%
Published
2015-08-18
Updated
2018-10-09

CVE-2015-6513

Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_ids[] parameter to index.php.
Max CVSS
7.5
EPSS Score
0.13%
Published
2015-08-18
Updated
2015-08-19

CVE-2015-6512

SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to server/freichat.php.
Max CVSS
5.0
EPSS Score
0.18%
Published
2015-08-18
Updated
2015-08-19

CVE-2015-5599

Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter.
Max CVSS
7.5
EPSS Score
0.21%
Published
2015-08-18
Updated
2019-07-09

CVE-2015-5504

SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.14%
Published
2015-08-18
Updated
2016-12-07

CVE-2015-4634

SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.
Max CVSS
7.5
EPSS Score
0.77%
Published
2015-08-11
Updated
2017-09-22

CVE-2015-4426

SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy.
Max CVSS
7.5
EPSS Score
0.16%
Published
2015-08-18
Updated
2016-06-09

CVE-2015-1491

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
6.0
EPSS Score
0.12%
Published
2015-08-01
Updated
2017-09-21
11 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close