SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.
CWE-89
CVE-2018-16762
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items.
CVE-2018-16724
An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request.
CVE-2018-1674
IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.
CVE-2018-16659
An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation.
CVE-2018-16410
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.
