** DISPUTED ** GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm.
CWE-89
CVE-2019-15563
Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java.
CVE-2019-15564
The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py.
CVE-2019-15565
The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php.
CVE-2019-15566
The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java.
CVE-2019-15567
OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature.
