CWE-89

The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO3 allows SQL Injection.

The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 allows SQL Injection.

A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint (such as /api/students/me/messages/) to, for example, retrieve personal information or change grades.

Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run.

Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports.

SQL Injection (SQLi) vulnerability in Don Crowther’s 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher.