CWE-89

Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php.

Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php.

Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php.

eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php.