CVE List by Type: SQL Injection (Filtered by Published Year)

Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.

Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.

You're viewing SQL Injection CVEs published in 2020. View full CVE list

Showing 2140 of 463 results
«« First « Prev Page 2 / 24 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2020-28070 SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the 'id' parameter. 9.8 22.90% 2020-12-23 2026-06-16
CVE-2020-13968 CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter. 9.8 1.34% 2020-12-23 2026-06-16
CVE-2020-24673 In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability. 9.8 1.08% 2020-12-22 2026-06-16
CVE-2020-35151 The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection. 8.8 3.78% 2020-12-21 2026-06-16
CVE-2020-11717 An issue was discovered in Programi 014 31.01.2020. It has multiple SQL injection vulnerabilities. 9.8 1.97% 2020-12-21 2026-06-16
CVE-2020-21378 SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php. 9.8 2.15% 2020-12-21 2026-06-16
CVE-2020-21377 SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter. 9.8 1.00% 2020-12-21 2026-06-16
CVE-2020-35276 EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user. 9.8 1.53% 2020-12-21 2026-07-08
CVE-2020-20300 SQL injection vulnerability in the wp_where function in WeiPHP 5.0. 9.8 8.75% 2020-12-18 2026-06-16
CVE-2020-25608 The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection. 7.2 0.89% 2020-12-18 2026-06-16
CVE-2020-35545 Time-based SQL injection exists in Spotweb 1.4.9 via the query string. 9.8 3.80% 2020-12-17 2026-06-16
CVE-2020-35122 An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection. 7.5 0.82% 2020-12-15 2026-06-16
CVE-2020-20189 SQL Injection vulnerability in NewPK 1.1 via the title parameter to admin\newpost.php. 9.8 1.08% 2020-12-14 2026-06-16
CVE-2019-19286 A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow SQL injection attacks if an attacker is able to modify content of particular web pages. 7.2 0.89% 2020-12-14 2026-06-16
CVE-2020-28860 OpenAssetDigital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection. 8.8 2.11% 2020-12-14 2026-07-08
CVE-2020-16104 SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versi 8.2 0.90% 2020-12-14 2026-06-16
CVE-2020-35382 SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user. 7.2 1.03% 2020-12-14 2026-06-16
CVE-2020-35378 SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields. 9.8 2.02% 2020-12-14 2026-06-16
CVE-2020-19165 PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter. 9.8 1.59% 2020-12-11 2026-06-16
CVE-2020-29574 KEV An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. 9.8 4.73% 2020-12-11 2026-06-16
«« First « Prev Page 2 / 24 Next »
cvelogic Threat Intelligence