SQL injection Prevention - POST : suspicious CREATE statement in data


Description   This alarm is raised when a suspicious combination of known SQL keywords is found in a POST request. In the Internet profile, this signature is configured with the action Pass and the alarm level Ignore. The large number of public forums about databases and the way certain dynamic sites operate make the risk of false positives high on public servers.
Before version 9.0.0, this signature was available in the context [http:client].
     
Default configuration

Profiles      High    Medium   Low      Internet
Action        Block   Pass     Pass     Pass
Alarm Level   Minor   Minor    Ignore   Ignore
     
References  
     
Available since   ASQ v5.0.0
     
Protects   Joomla Third-Party Plugins Multiple SQL Injection Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
Cacti Multiple Vulnerabilities
WordPress Third-Party Plugins Multiple Vulnerabilities
TYPO3 News Plugin "NewsController.php" Blind SQL Injection Vulnerability
e107 "keyword" SQL Injection Vulnerability
Joomla Third-Party Plugins Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple SQL Injection Vulnerabilities
WordPress Third-Party Plugins Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
Cisco Identity Services Engine SQL Injection Vulnerability
ZoneMinder Multiple Vulnerabilities
WordPress Third-Party Plugins Multiple Vulnerabilities
WordPress Third-Party Plugins Multiple Vulnerabilities
WordPress Third-Party Plugins Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
WordPress Third-Party Modules Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
Joomla Huge-IT Video Gallery "galleryid" SQL Injection Vulnerability Fixed by 1.1.0
WordPress Third Party Modules Multiple Vulnerabilities
WordPress Third Party Modules Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Vulnerabilities
WordPress Third-Party Modules Multiple Vulnerabilities
WordPress Third-Party Modules Multiple Vulnerabilities
WordPress Third-Party Modules Multiple Vulnerabilities
Riverbed SteelCentral NetProfiler Multiple Vulnerabilities Fixed by 10.9.0
Apache Ranger SQL Injection Vulnerability Fixed by 0.5.3
Wordpress Multiple Third Party Plugins Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Cacti "graph_template" Parameter "graphs_new.php" SQL Injection Vulnerability
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Cacti "graphs_new.php" SQL Injection Vulnerability
Cacti Multiple SQL Injection Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
WordPress Third-Party Plugins and Themes Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Joomla Third-Party Modules Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Magento Multiple Vulnerabilities Fixed by 1.9.2
Cacti "$data_query_id" SQL Injection Vulnerability
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Joomla J2Store Extension SQL Injection Vulnerability Fixed by 3.1.7
Joomla Third-Party Modules Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Cacti Multiple Vulnerabilities Fixed by 0.8.8e
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
LimeSurvey SQL Injection Vulnerability Fixed by 2.06+ (Build 150629)
LimeSurvey "sid" Parameter SQL Injection Vulnerability Fixed by 2.06+ (Build 150618)
Cacti Three Vulnerabilities
Cacti Multiple Vulnerabilities Fixed by 0.8.8d
Wordpress Multiple Themes Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Cisco Unified Communications Manager Two SQL Injection Vulnerabilities
phpMyBackupPro Login SQL Injection Vulnerability
Galette ZendDB Two SQL Injection Vulnerabilities
WordPress Cart66 Lite Plugin Security Bypass and SQL Injection Vulnerabilities
WordPress WP Symposium Plugin "tray" SQL Injection Vulnerability
WordPress Google Doc Embedder Plugin "pgid" SQL Injection Vulnerability
WordPress Cart66 Lite Plugin "id" SQL Injection Vulnerability
Movable Type XML-RPC Interface SQL Injection Vulnerability
PHP-Fusion Multiple SQL Injection Vulnerabilities
OpenVAS Manager timezone SQL Injection Vulnerability
MantisBT Multiple Vulnerabilities
FluxBB "req_new_email" SQL Injection Vulnerability
Open-Xchange OX App Suite "jslob" API Call SQL Injection Vulnerability
TestLink Multiple SQL Injection Vulnerabilities
Pligg CMS "id" SQL Injection Vulnerability
Pro Chat Rooms Text Chat Room / Pro Chat Rooms Audio/Video Chat Room Cross-Site Scripting and SQL Injection Vulnerabilities
Sabre AirCentre Crew CWPLogin.aspx Two SQL Injection Vulnerabilities
InvGate Service Desk Multiple SQL Injection Vulnerabilities
Dolibarr ERP/CRM Multiple Cross-Site Scripting, Script Insertion, and SQL Injection Vulnerabilities
Raritan PowerIQ "sort" and "dir" SQL Injection Vulnerabilities
openSIS "USERNAME" SQL Injection Vulnerability
Cacti Multiple Vulnerabilities
web2Project Multiple SQL Injection Vulnerabilities
WordPress Booking System Plugin "booking_form_id" SQL Injection Vulnerability
KeepInTouch kitForm Extension "sorter_value" SQL Injection Vulnerability
Orbit Open Ad Server "site_directory_sort_field" SQL Injection Vulnerability
Cacti Multiple Vulnerabilities
HostBill Staff Tickets SQL Injection Vulnerability
Joomla! JV Comment Component "id" SQL Injection Vulnerability
CSP MySQL User Manager "loginuser" SQL Injection Vulnerability
CUBIC CMS Multiple Vulnerabilities
InstantCMS "orderby" SQL Injection Vulnerability
Joomla! Projectfork Component "search" and "order" SQL Injection Vulnerabilities
Nagios XI "tfPassword" SQL Injection Vulnerability
Project'Or RIA Cross-Site Scripting and SQL Injection Vulnerabilities
SecureSphere Web Application Firewall Web Console SQL Injection Vulnerability
ImpressPages CMS Multiple Vulnerabilities
CourseMS Cross-Site Scripting and SQL Injection Vulnerabilities
SecureSphere Web Application Firewall Web Console SQL Injection Vulnerability
CMS Formulasi Multiple Vulnerabilities
Zabbix Multiple SQL Injection Vulnerabilities
OpenEMR "authProvider" SQL Injection Vulnerability
OpenEMR Cross-Site Scripting and SQL Injection Vulnerabilities
Practico CMS "uid" SQL Injection Vulnerability
glFusion "cat_id" SQL Injection Vulnerability
Cacti Script Insertion and SQL Injection Vulnerabilities
Gnew Cross-Site Scripting and SQL Injection Vulnerabilities
Joomla! SectionEx Component Two SQL Injection Vulnerabilities
OSSIM Two Cross-Site Scripting Vulnerabilities
JM LLC Basic Forum Multiple Vulnerabilities
Saurus CMS Multiple Vulnerabilities
astTECS Voice Logger for Call Center / Contact Center Two Vulnerabilities
OpenEMR Script Insertion and SQL Injection Vulnerabilities
Monkey CMS Multiple Vulnerabilities
GLPI "filename" SQL Injection Vulnerability
GLPI "users_id_assign" SQL Injection Vulnerability
PHD Help Desk Two SQL Injection Vulnerabilities
Vanilla Forums Parameter Name SQL Injection Vulnerability
WordPress LeagueManager Plugin Security Bypass and SQL Injection Vulnerabilities
PHP-Fusion Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
Scripts Genie Pet Rate Pro SQL Injection and PHP Code Execution Vulnerabilities
AdaptCMS Multiple Vulnerabilities
WeBid Multiple SQL Injection Vulnerabilities
WordPress Store Locator Plus Plugin "query" SQL Injection Vulnerability
Astium SQL Injection and Denial of Service Vulnerabilities
MyBB Profile Wii Friend Code Plugin Cross-Site Scripting and SQL Injection Vulnerabilities
ClipBucket Multiple SQL Injection Vulnerabilities
Intramaps Multiple Vulnerabilities
WordPress Poll Plugin Multiple Script Insertion Vulnerabilities
Subrion CMS Cross-Site Scripting and SQL Injection vulnerabilities
AContent Security Bypass and SQL Injection Vulnerabilities
AContent Cross-Site Scripting and SQL Injection Vulnerabilities
OpenX Cross-Site Scripting and SQL Injection Vulnerabilities
TorrentTrader Cross-Site Scripting and SQL Injection Vulnerabilities
webERP Multiple Vulnerabilities
TCExam Cross-Site Scripting and SQL Injection Vulnerabilities
Group-Office "sort" SQL Injection Vulnerability
WordPress Mz-jajak Plugin "id" SQL Injection Vulnerability
Cyclope Employee Surveillance Solution Security Bypass and SQL Injection Vulnerabilities
WordPress G-Lock Double Opt-in Manager Plugin Two Security Bypass Vulnerabilities
Limny "escape()" SQL Injection Vulnerability
Dell SonicWALL Scrutinizer "q" SQL Injection Vulnerability
WordPress WP-Predict Plugin "predictSelection" and "predictId" SQL Injection Vulnerabilities
WordPress Automatic Plugin "q" SQL Injection Vulnerability
Contao "field" SQL Injection Vulnerability
SyndeoCMS Script Insertion and SQL Injection Vulnerabilities
WordPress Google Maps Via Store Locator Plus Plugin Path Disclosure and SQL Injection
Bigware Shop "pollid" Two SQL Injection Vulnerabilities
TopicsViewer Multiple SQL Injection Vulnerabilities
activeCollab Multiple Vulnerabilities
Adiscon LogAnalyzer Cross-Site Scripting and SQL Injection Vulnerabilities
Pligg CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
MyClientBase Script Insertion and SQL Injection Vulnerabilities
ManageEngine SupportCenter Plus Multiple Vulnerabilities
e-ticketing "user_name" and "password" SQL Injection Vulnerabilities
osCMax Multiple Vulnerabilities
WordPress BuddyPress Plugin "exclude" SQL Injection Vulnerability
RivetTracker "hash" SQL Injection Vulnerabilities
BrewBlogger Multiple Vulnerabilities
The Uploader "username" SQL Injection Vulnerability
ELBA "account group name" SQL Injection Vulnerability
Seo Panel "website_id" and "lang_code" SQL Injection Vulnerabilities
phpDenora Multiple File Disclosure and SQL Injection Vulnerabilities
LimeSurvey "fieldnames" SQL Injection Vulnerability
SocialCMS Enterprise Cross-Site Scripting and SQL Injection Vulnerabilities
TestLink Multiple SQL Injection Vulnerabilities
Gazie "Login" Cross-Site Scripting and SQL Injection Vulnerabilities
XRay CMS "username" SQL Injection Vulnerability
zenphoto Multiple Vulnerabilities
Campaign Enterprise "SID" SQL Injection Vulnerability
Bigware Shop "lastname" SQL Injection Vulnerability
MangosWeb Enhanced "login" SQL Injection Vulnerability
tinyguestbook Script Insertion and SQL Injection Vulnerabilities
e107 Multiple Vulnerabilities
Open Business Management Multiple Vulnerabilities
cApexWEB "dfuserid" and "dfpassword" SQL Injection Vulnerabilities
BrowserCRM Multiple Vulnerabilities
Seotoaster "selectUserIdByLoginPass()" SQL Injection Vulnerability
WordPress SCORM Cloud For WordPress Plugin "active" SQL Injection Vulnerability
HitAppoint "username" SQL Injection Vulnerability
KnowledgeTree "username" SQL Injection Vulnerability
Alstrasoft EPay Enterprise "cid" and "product" SQL Injection Vulnerabilities
Meditate "username_input" SQL Injection Vulnerability
PHP Inventory Multiple SQL Injection Vulnerabilities
Joomla! XOBBIX Component "prodid" SQL Injection Vulnerability
webERP Multiple Vulnerabilities
Joomla AutarTimonial Component "limit" SQL Injection Vulnerability
Joomla Canteen Component Multiple Vulnerabilities
ScriptsFeed / BrotherScripts Auto Dealer Software "id" SQL Injection Vulnerability
Joomla DJ-ArtGallery Component "cid[]" Two Vulnerabilities
ScriptsFeed Recipes Listing Portal SQL Injection Vulnerabilities
iScripts eSwap Cross-Site Scripting and SQL Injection Vulnerabilities
iScripts EasyBiller SQL Injection and Script Insertion Vulnerabilities
Science Fair In A Box "type" Cross-Site Scripting and SQL Injection
Document Library "intGroupID" SQL Injection Vulnerability
MCLogin System "myusername" SQL Injection Vulnerability
Drupal Webform CiviCRM Integration Module Multiple SQL Injection Vulnerabilities
Joomla! JEEMA SMS Component Cross-Site Request Forgery and SQL Injection Vulnerabilities
Drupal Views Module SQL Injection Vulnerability
Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
VP-ASP Unspecified SQL Injection Vulnerability
Joomla! Alameda Component "storeid" SQL Injection Vulnerability
SPIP Unspecified SQL Injection Vulnerability
PrestaShop Presta2PhpList Module "list" SQL Injection Vulnerability
Joomla! Freestyle FAQs and Testimonials Components Unspecified SQL Injection Vulnerability
DMXready Polling Booth Manager "QuestionID" SQL Injection Vulnerability
ColdGen ColdCalendar "EventID" SQL Injection Vulnerability
Joomla! Clantools Component Two SQL Injection Vulnerabilities
Joomla! Clantools Component "squad" SQL Injection Vulnerability
Joomla! Gantry Component "moduleid" SQL Injection Vulnerability
FestOS Multiple Vulnerabilities
chillyCMS "name" Cross-Site Scripting and SQL Injection Vulnerabilities
Pilot Cart Multiple Vulnerabilities
Pre Podcast Portal Password SQL Injection Vulnerability
TYPO3 Questionnaire Extension Cross-Site Scripting and SQL Injection Vulnerabilities
Joomla! Teams Component "PlayerID" SQL Injection Vulnerability
Entrans Cross-Site Scripting and SQL Injection Vulnerabilities
KaiBB Cross-Site Scripting and SQL Injection Vulnerabilities
wizmall "BID" and "UID" SQL Injection Vulnerabilities
OpenEMR Multiple Vulnerabilities
OpenEMR Script Insertion and SQL Injection Vulnerabilities
Yet Another CMS Two SQL Injection Vulnerabilities
Site@School Multiple Vulnerabilities
PunBB Reputation Plugin SQL Injection and Local File Inclusion
AContent Multiple Vulnerabilities
WordPress WP Photo Album Plus Plugin "wppa-album" SQL Injection Vulnerability
WordPress WordPress Users Plugin "uid" SQL Injection Vulnerability
Radfa Sabadkharid "add2cart" SQL Injection Vulnerability
EC-CUBE Two Unspecified SQL Injection Vulnerabilities
Joomla! eTree Component "id" and "user_id" SQL Injection Vulnerabilities
Drupal Certificate Login Module SQL Injection Vulnerability
MyBB MyStatus Plugin "statid" SQL Injection Vulnerability
MyBB Advanced Forum Signatures Plugin Multiple SQL Injection Vulnerabilities
6kbbs Multiple Vulnerabilities
KaiBB Two SQL Injection Vulnerabilities
Sonexis ConferenceManager Script Insertion and SQL Injection Vulnerabilities
Eclime Multiple Vulnerabilities
webSPELL Multiple Vulnerabilities
Netvolution CMS "Referer" HTTP Header SQL Injection Vulnerability
WordPress WP-PostRatings Plugin "[ratings]" Shortcode SQL Injection Vulnerability
Achievo Multiple Vulnerabilities
WordPress WP Bannerize Plugin "item[]" SQL Injection Vulnerability
MH Products Download Center "Name" SQL Injection Vulnerability
Parallels Plesk Panel Cross-Site Scripting and SQL Injection Vulnerabilities
WordPress Mingle Forum "edit_post_id" SQL Injection Vulnerability
TYPO3 dev/null robots.txt Extension SQL Injection Vulnerability
TYPO3 RTG Files Extension SQL Injection Vulnerability
Flynax Classifieds Products "f[city]" SQL Injection Vulnerability
Advanced Electron Forum Security Issue and Two Vulnerabilities
Cacti Cross-Site Scripting and SQL Injection Vulnerabilities
CMS Faethon Cross-Site Scripting and SQL Injection
phpList Multiple Vulnerabilities
Authenex Strong Authentication Server "username" SQL Injection Vulnerability
Ayco Emlak Multiple SQL Injection Vulnerabilities
Car Portal Multiple Vulnerabilities
WordPress Count Per Day Plugin "month" SQL Injection Vulnerability
Mercator Sentinel SQL Injection Vulnerability
WordPress WP e-Commerce Plugin "transaction_id" Two SQL Injection Vulnerabilities
TYPO3 Cache Flooding Denial of Service and SQL Injection Vulnerabilities
Support Incident Tracker Multiple Vulnerabilities
WordPress WP Forum Server Plugin "edit_post_id" SQL Injection Vulnerability
TYPO3 Direct Mail Subscription Extension Two Vulnerabilities
WordPress 1 Flash Gallery Plugin Multiple Vulnerabilities
WordPress Tweet old post Plugin "cat" SQL Injection Vulnerability
TIBCO Spotfire Products Multiple Vulnerabilities
vAuthenticate Multiple SQL Injection Vulnerabilities
WordPress WP Bannerize Plugin "id" SQL Injection Vulnerability
WordPress yolink Search Plugin Two SQL Injection Vulnerabilities
Free Help Desk Cross-Site Request Forgery and SQL Injection Vulnerabilities
Moodle Multiple Remote SQL Injection and Security Bypass Vulnerabilities
Samsung Integrated Management System DMS SQL Injection Vulnerability
Debian Security Update Fixes Doctrine Remote SQL Injection Vulnerability
Debian Security Update Fixes Request Tracker Multiple Vulnerabilities
MyBB Remote SQL Injection and Cross Site Request Forgery Vulnerabilities
Joomla SQL Injection and Multiple Information Disclosure Vulnerabilities
CA Total Defense Remote Code Execution and SQL Injection Vulnerabilities
100 last CVE   CVE-2018-7717
CVE-2018-17397
CVE-2018-17394
CVE-2018-17385
CVE-2018-17384
CVE-2018-17383
CVE-2018-17382
CVE-2018-17380
CVE-2018-17379
CVE-2018-17378
CVE-2018-17377
CVE-2018-17376
CVE-2018-17375
CVE-2017-9337
CVE-2017-9336
CVE-2017-6098
CVE-2017-6097
CVE-2017-6096
CVE-2017-6095
CVE-2017-3835
CVE-2017-2550
CVE-2017-2168
CVE-2017-18345
CVE-2017-1002022
CVE-2017-1002021
CVE-2017-1002020
CVE-2017-1002019
CVE-2017-1002018
CVE-2017-1002017
CVE-2017-1000032
CVE-2017-1000031
CVE-2016-3659
CVE-2016-2174
CVE-2016-10206
CVE-2016-10205
CVE-2016-10204
CVE-2016-10203
CVE-2016-10202
CVE-2016-10201
CVE-2016-10112
CVE-2016-1000125
CVE-2016-1000124
CVE-2016-1000123
CVE-2016-0770
CVE-2016-0769
CVE-2016-0765
CVE-2015-8604
CVE-2015-8377
CVE-2015-8369
CVE-2015-8354
CVE-2015-8353
CVE-2015-8351
CVE-2015-8350
CVE-2015-7806
CVE-2015-7517
CVE-2015-6535
CVE-2015-6513
CVE-2015-5532
CVE-2015-5472
CVE-2015-5471
CVE-2015-5469
CVE-2015-5461
CVE-2015-5308
CVE-2015-5078
CVE-2015-4634
CVE-2015-4628
CVE-2015-4454
CVE-2015-4342
CVE-2015-4109
CVE-2015-4010
CVE-2015-3637
CVE-2015-3173
CVE-2015-2973
CVE-2015-2967
CVE-2015-2665
CVE-2015-0715
CVE-2015-0270
CVE-2014-9506
CVE-2014-9442
CVE-2014-9388
CVE-2014-9309
CVE-2014-9305
CVE-2014-9280
CVE-2014-9272
CVE-2014-9271
CVE-2014-9270
CVE-2014-9269
CVE-2014-9220
CVE-2014-9179
CVE-2014-9173
CVE-2014-9096
CVE-2014-9095
CVE-2014-9089
CVE-2014-9057
CVE-2014-8988
CVE-2014-8987
CVE-2014-8986
CVE-2014-8955
CVE-2014-8877
CVE-2014-8810


 
 
 
 
Risk level   Low