CVE List by Type: SQL Injection (Filtered by Published Year)

Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.

Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.

You're viewing SQL Injection CVEs published in 2020. View full CVE list

Showing 4160 of 463 results
«« First « Prev Page 3 / 24 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2020-13526 SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter.An attacker can make an authenticated HTTP request to trigger these vulnerabilities. 8.8 1.68% 2020-12-10 2026-06-16
CVE-2020-14207 The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filter_diver parameter. 5.3 1.42% 2020-12-08 2026-06-16
CVE-2020-25889 Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege. 9.8 2.73% 2020-12-08 2026-06-16
CVE-2020-26248 In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module. 6.8 12.39% 2020-12-03 2026-06-16
CVE-2020-13525 The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 1.68% 2020-12-03 2026-06-16
CVE-2020-29288 An SQL injection vulnerability was discovered in Gym Management System In manage_user.php file, GET parameter 'id' is vulnerable. 9.8 2.56% 2020-12-02 2026-06-16
CVE-2020-29287 An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php. 9.8 2.72% 2020-12-02 2026-06-16
CVE-2020-29285 SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php. 9.8 1.32% 2020-12-02 2026-06-16
CVE-2020-29284 The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability. 9.8 6.09% 2020-12-02 2026-06-16
CVE-2020-29283 An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php. 9.8 1.32% 2020-12-02 2026-06-16
CVE-2020-29282 SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication. 9.8 2.67% 2020-12-02 2026-06-16
CVE-2020-29280 The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page. 9.8 1.88% 2020-12-02 2026-06-16
CVE-2020-25638 A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. 7.4 2.91% 2020-12-02 2026-06-16
CVE-2020-6880 A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20. 9.8 1.20% 2020-12-01 2026-06-16
CVE-2020-27660 SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter. 9.6 4.55% 2020-11-30 2026-06-16
CVE-2019-19876 An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006. 9.8 1.01% 2020-11-27 2026-06-16
CVE-2020-28994 A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database. 9.8 1.27% 2020-11-24 2026-06-16
CVE-2020-4003 VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure. 6.5 1.14% 2020-11-24 2026-06-16
CVE-2020-3984 The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. An authenticated SD-WAN Orchestrator user may exploit a vulnerable API call using specially crafted SQL queries which may lead to unauthorized data access. 6.5 22.37% 2020-11-24 2026-06-16
CVE-2020-25475 SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action. 9.8 1.05% 2020-11-24 2026-06-16
«« First « Prev Page 3 / 24 Next »
cvelogic Threat Intelligence