A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.
CWE-89
CVE-2018-14967
An issue was discovered in EMLsoft 5.4.5. uploademlactionaction.user.php has SQL Injection via the numPerPage parameter.
CVE-2018-14968
An issue was discovered in EMLsoft 5.4.5. uploademlactionaction.address.php has SQL Injection via the numPerPage parameter.
CVE-2018-14956
CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information.
CVE-2018-14961
dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter.
CVE-2018-14874
An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages as collaterals/colexe3t.jsp and /references/refsuppu.jsp and /references/refbranu.jsp is mishandled before being used in SQL queries, allowing SQL injection with an authenticated session.
