An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature.
CWE-89
CVE-2020-22818
MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.
CVE-2020-22819
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.
CVE-2020-22820
MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.
CVE-2020-22669
Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.
CVE-2020-22781
In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance).
