LDMS/alert_log.aspx in Ivanti Endpoint Manager up to and including 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.
ivanti endpoint manager