Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing SQL Injection CVEs published in 2016. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2016-9272 | A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. | 9.1 | 2.23% | 2016-11-11 | 2026-06-16 |
| CVE-2016-9242 | Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter. | 8.8 | 1.37% | 2016-11-07 | 2026-06-16 |
| CVE-2016-9184 | In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure. | 7.5 | 1.76% | 2016-11-04 | 2026-06-16 |
| CVE-2016-6453 | A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876). | 7.3 | 1.10% | 2016-11-03 | 2026-06-16 |
| CVE-2016-9135 | Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure. | 7.5 | 1.76% | 2016-11-03 | 2026-06-16 |
| CVE-2016-9134 | Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure. | 7.5 | 2.04% | 2016-11-03 | 2026-06-16 |
| CVE-2016-7453 | The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection. | 9.8 | 1.49% | 2016-11-03 | 2026-06-16 |
| CVE-2016-8582 | A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE. | 9.8 | 57.43% | 2016-10-28 | 2026-06-16 |
| CVE-2016-7919 | Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields. | 7.5 | 2.25% | 2016-10-28 | 2026-06-16 |
| CVE-2016-6443 | A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A). | 8.8 | 2.97% | 2016-10-27 | 2026-06-16 |
| CVE-2016-1000122 | XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | 7.2 | 2.10% | 2016-10-27 | 2026-06-16 |
| CVE-2016-1000120 | SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla | 7.2 | 2.10% | 2016-10-27 | 2026-06-16 |
| CVE-2016-1000119 | SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla | 7.2 | 2.31% | 2016-10-21 | 2026-06-16 |
| CVE-2016-1000118 | XSS & SQLi in HugeIT slideshow v1.0.4 | 7.2 | 2.31% | 2016-10-21 | 2026-06-16 |
| CVE-2016-1000117 | XSS & SQLi in HugeIT slideshow v1.0.4 | 7.2 | 2.31% | 2016-10-21 | 2026-06-16 |
| CVE-2016-1000116 | Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | 7.2 | 2.10% | 2016-10-21 | 2026-06-16 |
| CVE-2016-1000115 | Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | 7.2 | 2.89% | 2016-10-21 | 2026-06-16 |
| CVE-2016-0249 | SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 8.6 | 1.50% | 2016-10-16 | 2026-06-16 |
| CVE-2016-8564 | SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410. | 6.5 | 1.14% | 2016-10-13 | 2026-06-16 |
| CVE-2016-1000217 | Zotpress plugin for WordPress SQLi in zp_get_account() | 9.8 | 5.53% | 2016-10-06 | 2026-06-16 |