In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.
CWE-89
CVE-2019-10707
MKCMS V5.0 has SQL injection via the bplay.php play parameter.
CVE-2019-10708
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter.
CVE-2019-10653
An issue was discovered in Hsycms V1.1. There is a SQL injection vulnerability via a /news/*.html page.
CVE-2019-10663
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI.
CVE-2019-10232
Teclib GLPI through 9.3.3 has SQL injection via the “cycle” parameter in /scripts/unlock_tasks.php.
