Library Management System 1.0 has SQL Injection via the “Search for Books” screen.
CWE-89
CVE-2018-18798
Attendance Monitoring System 1.0 has SQL Injection via the ‘id’ parameter to student/index.php?view=view, event/index.php?view=view, and user/index.php?view=view.
CVE-2018-18800
The Tubigan “Welcome to our Resort” 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.
CVE-2018-18801
The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL].
CVE-2018-18803
Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb.
CVE-2018-18804
Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb.
