Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.
CWE-89
CVE-2020-19705
thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home&c=message&a=add.
CVE-2020-19821
A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders[] parameter.
CVE-2020-19853
BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php.
CVE-2020-1937
Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.
CVE-2020-19447
SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter.
