CWE-89

Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modulesCampaignsTracker.php and modulesCampaignsutils.php, the default_currency_name parameter to modulesConfiguratorcontroller.php and modulesCurrenciesCurrency.php, the duplicate parameter to modulesContactsShowDuplicates.php, the mergecur parameter to modulesCurrenciesindex.php and modulesOpportunitiesOpportunity.php, and the load_signed_id parameter to modulesDocumentsDocument.php.

It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.

Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.

A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.

A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.

A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.