Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing SQL Injection CVEs published in 2020. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2020-28070 | SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the 'id' parameter. | 9.8 | 22.90% | 2020-12-23 | 2026-06-16 |
| CVE-2020-13968 | CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter. | 9.8 | 1.34% | 2020-12-23 | 2026-06-16 |
| CVE-2020-24673 | In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability. | 9.8 | 1.08% | 2020-12-22 | 2026-06-16 |
| CVE-2020-35151 | The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection. | 8.8 | 3.78% | 2020-12-21 | 2026-06-16 |
| CVE-2020-11717 | An issue was discovered in Programi 014 31.01.2020. It has multiple SQL injection vulnerabilities. | 9.8 | 1.97% | 2020-12-21 | 2026-06-16 |
| CVE-2020-21378 | SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php. | 9.8 | 2.15% | 2020-12-21 | 2026-06-16 |
| CVE-2020-21377 | SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter. | 9.8 | 1.00% | 2020-12-21 | 2026-06-16 |
| CVE-2020-35276 | EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user. | 9.8 | 1.53% | 2020-12-21 | 2026-07-08 |
| CVE-2020-20300 | SQL injection vulnerability in the wp_where function in WeiPHP 5.0. | 9.8 | 8.75% | 2020-12-18 | 2026-06-16 |
| CVE-2020-25608 | The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection. | 7.2 | 0.89% | 2020-12-18 | 2026-06-16 |
| CVE-2020-35545 | Time-based SQL injection exists in Spotweb 1.4.9 via the query string. | 9.8 | 3.80% | 2020-12-17 | 2026-06-16 |
| CVE-2020-35122 | An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection. | 7.5 | 0.82% | 2020-12-15 | 2026-06-16 |
| CVE-2020-20189 | SQL Injection vulnerability in NewPK 1.1 via the title parameter to admin\newpost.php. | 9.8 | 1.08% | 2020-12-14 | 2026-06-16 |
| CVE-2019-19286 | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow SQL injection attacks if an attacker is able to modify content of particular web pages. | 7.2 | 0.89% | 2020-12-14 | 2026-06-16 |
| CVE-2020-28860 | OpenAssetDigital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection. | 8.8 | 2.11% | 2020-12-14 | 2026-07-08 |
| CVE-2020-16104 | SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versi | 8.2 | 0.90% | 2020-12-14 | 2026-06-16 |
| CVE-2020-35382 | SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user. | 7.2 | 1.03% | 2020-12-14 | 2026-06-16 |
| CVE-2020-35378 | SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields. | 9.8 | 2.02% | 2020-12-14 | 2026-06-16 |
| CVE-2020-19165 | PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter. | 9.8 | 1.59% | 2020-12-11 | 2026-06-16 |
| CVE-2020-29574 KEV | An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. | 9.8 | 4.73% | 2020-12-11 | 2026-06-16 |