Zenario v7.1 – v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories – Edit` module.
CWE-89
CVE-2018-5970
SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.
CVE-2018-5971
SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter.
CVE-2018-5972
SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI.
CVE-2018-5973
SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter.
CVE-2018-5974
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.
