SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection.
CWE-89
CVE-2020-18164
SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter.
CVE-2020-18175
SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php.
CVE-2020-18215
Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code.
CVE-2020-18081
The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query.
CVE-2020-18106
The GET parameter “id” in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection.
