An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. SQL injection exists via the admin/noticeManageAction_queryNotice.action noticeInfo parameter.
CWE-89
CVE-2018-14389
joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter.
CVE-2018-14418
In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI.
CVE-2018-14066
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.
CVE-2018-1414
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820.
CVE-2018-14058
Pimcore before 5.3.0 allows SQL Injection via the REST web service API.
