CWE-89

SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the “s” parameter remotely.

Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.

JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function.

Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult().

SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del.