OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js.
CWE-89
CVE-2019-19286
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow SQL injection attacks if an attacker is able to modify content of particular web pages.
CVE-2019-19245
NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used.
CVE-2019-19207
rConfig 3.9.2 allows devices.php?searchColumn= SQL injection.
CVE-2019-19209
Dolibarr ERP/CRM before 10.0.3 allows SQL Injection.
CVE-2019-19094
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.
