Last week, Trustwave SpiderLabs discovered a SQL injection vulnerability exploit in widely popular web content management software (CMS) Joomla that allowed for access to administrative areas. Shortly ...

Joomla pushed out version 3.2.3 of its product last week, fixing a SQL injection zero day vulnerability that could have let attackers exploit sites running the CMS. The open-source content management ...

A pre-auth SQL injection bug leading to remote code execution is at the heart of a data-stealing campaign against XG firewalls, using the Asnarok trojan. Attackers have been targeting the Sophos XG ...

Sophos has fixed a zero-day SQL injection vulnerability in their XG Firewall after receiving reports that hackers actively exploited it in attacks. Sophos states that they received a report on April ...

Reports that the latest SQL injection exploit may have impacted hundreds of thousands of sites running IIS and SQL Server in recent days has put Microsoft, once again, on the defensive. Redmond's ...

If your eyes glazed over at the recent announcement of an “SQL injection” vulnerability in WordPress, take heart. You’re not alone. SQL injection attacks are a common kind of security flaw, but are ...

An exploit that takes advantage of database query software that does not thoroughly test the query statement for correctness. Along with cross-site scripting (see XSS), SQL injection is used to break ...

Users of a widely used firewall from Sophos have been under a zero-day attack that was designed to steal usernames, cryptographically protected passwords, and other sensitive data, officials with the ...

Attack code was published on Friday that exploits a critical vulnerability in the Magento e-commerce platform, all but guaranteeing it will be used to plant payment card skimmers on sites that have ...

The prevalence and intensity of SQL injection attacks are increasing, according to Imperva's Hacker Intelligence Initiative (HII) report. The report details how attacks are executed and how hackers ...