SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.12%
Published
2015-12-15
Updated
2016-12-07
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.
Source: MITRE
Max CVSS
7.5
EPSS Score
1.39%
Published
2015-12-17
Updated
2016-12-07
SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Source: ICS-CERT
Max CVSS
6.5
EPSS Score
0.09%
Published
2015-10-28
Updated
2015-10-28
The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the db_like function.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.62%
Published
2015-10-21
Updated
2016-06-01

CVE-2015-7858

Public exploit
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.
Source: MITRE
Max CVSS
7.5
EPSS Score
81.42%
Published
2015-10-29
Updated
2017-09-13

CVE-2015-7857

Public exploit
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.
Source: MITRE
Max CVSS
7.5
EPSS Score
81.42%
Published
2015-10-29
Updated
2017-09-13
Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter.
Source: JPCERT/CC
Max CVSS
6.5
EPSS Score
0.20%
Published
2015-12-29
Updated
2021-06-24
SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Source: JPCERT/CC
Max CVSS
4.3
EPSS Score
0.14%
Published
2015-12-30
Updated
2015-12-30
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.21%
Published
2015-10-15
Updated
2015-10-16
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remoteSourceName in the dropCredentials function or unspecified vectors in the (2) setTraceLevelsForXsApps, (3) _modifyUser, or (4) _newUser function, aka SAP Security Notes 2153898 and 2153765.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.23%
Published
2015-10-15
Updated
2015-10-16
Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the (1) select_invitaion_code_bulk_option or (2) invi_del_id parameter in the pie-invitation-codes page to wp-admin/admin.php.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.23%
Published
2015-10-16
Updated
2018-10-09

CVE-2015-7387

Public exploit
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200.
Source: MITRE
Max CVSS
7.5
EPSS Score
90.25%
Published
2015-09-28
Updated
2020-03-26
SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009.
Source: CERT/CC
Max CVSS
7.5
EPSS Score
0.10%
Published
2015-09-28
Updated
2015-09-29
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.14%
Published
2015-09-29
Updated
2018-10-09
SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.55%
Published
2015-10-21
Updated
2021-03-31

CVE-2015-7297

Public exploit
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.
Source: MITRE
Max CVSS
7.5
EPSS Score
97.55%
Published
2015-10-29
Updated
2017-09-13
SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.14%
Published
2015-09-18
Updated
2018-12-10
Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.12%
Published
2015-09-17
Updated
2016-12-22
SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.15%
Published
2015-09-17
Updated
2016-12-22
SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php.
Source: MITRE
Max CVSS
6.0
EPSS Score
0.27%
Published
2015-09-15
Updated
2016-12-22
SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.15%
Published
2015-09-11
Updated
2015-09-14
SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.46%
Published
2015-09-11
Updated
2018-10-09
SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.
Source: MITRE
Max CVSS
7.5
EPSS Score
1.17%
Published
2015-09-11
Updated
2018-10-09
Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.48%
Published
2015-09-16
Updated
2015-09-17
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.19%
Published
2015-09-04
Updated
2019-06-24
221 vulnerabilities found