CVE-2016-6818

CRITICAL Year: 2016
CVSS v3 Score
9.8
Critical
CVSS v2 Score
10.0
Critical
Weakness Type
CWE-89
View all →

Vulnerability Description

SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor response is SAP Security Note 2361633.

Related Vulnerabilities

CVE-2005-4891

CRITICAL
CVSS:9.8(Critical)

Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.

CWE-892005

CVE-2006-5603

CRITICAL
CVSS:9.8(Critical)

SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unkn...

CWE-892006

CVE-2007-10002

CRITICAL
CVSS:9.8(Critical)

A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/l...

CWE-892007

CVE-2007-2534

CRITICAL
CVSS:9.8(Critical)

Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a logi...

CWE-892007

CVE-2007-3652

CRITICAL
CVSS:9.8(Critical)

SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same iss...

CWE-892007

CVE-2008-10003

CRITICAL
CVSS:9.8(Critical)

A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sq...

CWE-892008