13enforme CMS 1.0 has SQL Injection via the ‘content.php’ id parameter.
CWE-89
CVE-2020-23980
DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page.
CVE-2020-23763
SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
CVE-2020-23833
Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request.
CVE-2020-23685
SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php.
CVE-2020-23711
SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.
