An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter “my_item_search” in users.php is exploitable using SQL injection.
CWE-89
CVE-2018-11470
iScripts eSwap v2.4 has SQL injection via the “search.php” ‘Told’ parameter in the User Panel.
CVE-2018-11444
A SQL Injection issue was observed in the parameter “q” in jobcard-ongoing.php in EasyService Billing 1.0.
CVE-2018-11414
An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admincontrollerAdminLog.php constructs a MySQL query improperly.
CVE-2018-11369
An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the appshomecontrollerParserController.php scode parameter.
CVE-2018-11372
iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.
