CWE-89

SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter.

The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.

The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.

SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.

SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.

SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.