From DHS/US-CERT's National Vulnerability Database
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.