Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
CWE-89
CVE-2019-6506
SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection.
CVE-2019-6523
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.
CVE-2019-6295
Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter.
CVE-2019-6296
Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter.
CVE-2019-6259
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.
