SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.
CWE-89
CVE-2018-1756
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM X-Force ID: 148599.
CVE-2018-17562
Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points.
CVE-2018-17566
In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition’s value can be controlled by a user’s request.
CVE-2018-17446
A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVE-2018-17410
Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI.
