SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter.
CWE-89
CVE-2018-7269
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.
CVE-2018-7282
The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.
CVE-2018-7178
SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.
CVE-2018-7179
SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.
CVE-2018-7180
SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.