CWE-89

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in “Configuration > Users > Contacts / Users” allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters.

SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).

SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).

SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).

A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA.

SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.