CWE-89

Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in includeModelCategory.php.

FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser.

MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java.

Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter.

Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php.

Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter.