SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php.
CWE-89
CVE-2018-5987
SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action.
CVE-2018-5988
SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php.
CVE-2018-5989
SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099.
CVE-2018-5990
SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.
CVE-2018-5991
SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.
