探索與 SQL Injection 漏洞相關的 CVE,並依公開年份篩選。本清單預設優先展示最新揭露,並支援依 CVSS 與 EPSS 風險分數進一步篩選。
涵蓋最新漏洞揭露與趨勢,協助安全團隊快速識別高風險問題與被利用可能性。
目前為 SQL Injection 類型、2020 年公開的 CVE。 檢視完整 CVE 清單
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2020-35743 | HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages. | 7.0 | 0.60% | 2020-12-31 | 2026-06-16 |
| CVE-2020-35742 | HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter. | 7.0 | 0.60% | 2020-12-31 | 2026-06-16 |
| CVE-2019-7726 | modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent). | 9.8 | 2.28% | 2020-12-31 | 2026-06-16 |
| CVE-2020-28413 | In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP. | 5.3 | 4.86% | 2020-12-30 | 2026-06-16 |
| CVE-2020-29228 | EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by SQL injection in the User Login Page. | 7.5 | 1.16% | 2020-12-30 | 2026-06-16 |
| CVE-2020-27848 | dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of a REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection attacks. A user must be an authenticated manager in the dotCMS system to exploit this vulnerability. | 8.8 | 1.22% | 2020-12-30 | 2026-06-16 |
| CVE-2020-35848 | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. | 9.8 | 74.99% | 2020-12-29 | 2026-06-16 |
| CVE-2020-35847 | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. | 9.8 | 98.29% | 2020-12-29 | 2026-06-16 |
| CVE-2020-35846 | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. | 9.8 | 93.20% | 2020-12-29 | 2026-06-16 |
| CVE-2020-35613 | An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list. | 9.8 | 28.40% | 2020-12-28 | 2026-06-16 |
| CVE-2020-35245 | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser. | 9.8 | 1.15% | 2020-12-26 | 2026-06-16 |
| CVE-2020-35244 | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup. | 9.8 | 1.15% | 2020-12-26 | 2026-06-16 |
| CVE-2020-35243 | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb. | 9.8 | 1.15% | 2020-12-26 | 2026-06-16 |
| CVE-2020-35242 | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory. | 9.8 | 1.15% | 2020-12-26 | 2026-06-16 |
| CVE-2020-35708 | phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page. | 7.2 | 1.48% | 2020-12-25 | 2026-06-16 |
| CVE-2020-29474 | EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution. | 9.8 | 4.06% | 2020-12-24 | 2026-06-16 |
| CVE-2020-29472 | EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution. | 9.8 | 4.11% | 2020-12-24 | 2026-06-16 |
| CVE-2020-35666 | Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value. | 8.8 | 1.07% | 2020-12-23 | 2026-06-16 |
| CVE-2020-28074 | SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin. | 9.8 | 2.31% | 2020-12-23 | 2026-06-16 |
| CVE-2020-28073 | SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system. | 9.8 | 2.77% | 2020-12-23 | 2026-06-16 |