Traq 3.7.1 allows SQL Injection via a tickets?search= URI.
CWE-89
CVE-2018-20730
A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component.
CVE-2018-20678
LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search.
CVE-2018-20713
Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404.
CVE-2018-20715
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.
CVE-2018-20716
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the “I forgot my Password!” feature.
