Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled.
CWE-89
CVE-2019-8923
XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued.
CVE-2019-8600
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution.
CVE-2019-8421
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.
CVE-2019-8422
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in appsadmincontrollercontentContentController.php.
CVE-2019-8423
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
