ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action.
CWE-89
CVE-2018-19898
ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action.
CVE-2018-19925
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter.
CVE-2018-19893
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.
CVE-2018-19549
Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php.
CVE-2018-19551
Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php.
