An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
CWE-89
CVE-2019-6691
phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the “–backup database” option.
CVE-2019-6707
PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter.
CVE-2019-6708
PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter.
CVE-2019-6658
On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack.
CVE-2019-6491
RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection.
