SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php..
CWE-89
CVE-2020-21808
SQL Injection vulnerability in NukeViet CMS 4.0.10 – 4.3.07 via:the topicsid parameter in modules/news/admin/addtotopics.php.
CVE-2020-21809
SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php.
CVE-2020-21665
In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh.
CVE-2020-21667
In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the ‘table’ parameter passed is not filtered so a malicious parameter can be passed for SQL injection.
CVE-2020-21377
SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter.
