CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2020(SQL Injection)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

1 | CVE-2020-35848 | 89 |  | Sql | 2020-12-30 | 2020-12-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.

2 | CVE-2020-35847 | 89 |  | Sql | 2020-12-30 | 2021-04-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.

3 | CVE-2020-35846 | 89 |  | Sql | 2020-12-30 | 2021-04-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.

4 | CVE-2020-35743 | 89 |  | Sql | 2020-12-31 | 2021-01-07 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages.

5 | CVE-2020-35742 | 89 |  | Sql | 2020-12-31 | 2021-01-07 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    HGiga MailSherlock contains a SQL injection vulnerability. Attackers can inject and launch SQL commands in a URL parameter.

6 | CVE-2020-35708 | 89 |  | Sql | 2020-12-25 | 2020-12-28 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.

7 | CVE-2020-35666 | 89 |  | Sql | 2020-12-23 | 2020-12-23 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value.

8 | CVE-2020-35613 | 89 |  | Sql | 2020-12-28 | 2020-12-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.

9 | CVE-2020-35545 | 89 |  | Sql | 2020-12-17 | 2020-12-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    Time-based SQL injection exists in Spotweb 1.4.9 via the query string.

10 | CVE-2020-35382 | 89 |  | Sql | 2020-12-14 | 2020-12-14 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    SQL injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.

11 | CVE-2020-35378 | 89 |  | Exec Code Sql Bypass | 2020-12-14 | 2020-12-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    SQL injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields.

12 | CVE-2020-35276 | 89 |  | Sql Bypass | 2020-12-21 | 2020-12-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi, get Admin access, and add or remove any user.

13 | CVE-2020-35245 | 89 |  | Sql | 2020-12-26 | 2020-12-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser.

14 | CVE-2020-35244 | 89 |  | Sql | 2020-12-26 | 2020-12-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup.

15 | CVE-2020-35243 | 89 |  | Sql | 2020-12-26 | 2020-12-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb.

16 | CVE-2020-35242 | 89 |  | Sql | 2020-12-26 | 2020-12-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory.

17 | CVE-2020-35151 | 89 |  | Sql | 2020-12-21 | 2020-12-22 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    The Online Marriage Registration System 1.0 POST parameter "searchdata" in the user/search.php request is vulnerable to time-based SQL injection.

18 | CVE-2020-35122 | 89 |  | Sql Bypass | 2020-12-15 | 2020-12-17 | 4.0 | None | Remote | Low | ??? | None | Partial | None
    An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection.

19 | CVE-2020-29574 | 89 |  | Sql | 2020-12-11 | 2020-12-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.

20 | CVE-2020-29474 | 89 |  | Exec Code Sql | 2020-12-24 | 2021-04-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.

21 | CVE-2020-29472 | 89 |  | Exec Code Sql | 2020-12-24 | 2021-04-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.

22 | CVE-2020-29288 | 89 |  | Sql | 2020-12-02 | 2020-12-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    An SQL injection vulnerability was discovered in Gym Management System. In the manage_user.php file, the GET parameter 'id' is vulnerable.

23 | CVE-2020-29287 | 89 |  | Sql | 2020-12-02 | 2020-12-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    An SQL injection vulnerability discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.

24 | CVE-2020-29285 | 89 |  | Sql | 2020-12-02 | 2020-12-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    A SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php.

25 | CVE-2020-29284 | 89 |  | Sql | 2020-12-02 | 2020-12-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter, which allows unauthenticated SQL injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.

26 | CVE-2020-29283 | 89 |  | Sql | 2020-12-02 | 2020-12-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.

27 | CVE-2020-29282 | 89 |  | Sql Bypass | 2020-12-02 | 2020-12-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.

28 | CVE-2020-29280 | 89 |  | Sql | 2020-12-02 | 2020-12-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.

29 | CVE-2020-29228 | 89 |  | Sql | 2020-12-30 | 2021-01-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None
    EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by SQL injection in the User Login Page.

30 | CVE-2020-28994 | 89 |  | Sql | 2020-11-24 | 2020-11-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database.

31 | CVE-2020-28860 | 89 |  | Sql | 2020-12-14 | 2020-12-15 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user-supplied input, incorporating it into its SQL queries and allowing authenticated blind SQL injection.

32 | CVE-2020-28413 | 89 |  | Sql | 2020-12-30 | 2021-01-05 | 4.0 | None | Remote | Low | ??? | Partial | None | None
    In MantisBT 2.24.3, SQL injection can occur in the parameter "access" of the mc_project_get_users function through the SOAP API.

33 | CVE-2020-28183 | 89 |  | Sql | 2020-11-17 | 2020-12-01 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
    SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.

34 | CVE-2020-28138 | 89 |  | Sql | 2020-11-17 | 2020-11-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    SourceCodester Online Clothing Store 1.0 is affected by a SQL injection via the txtUserName parameter to login.php.

35 | CVE-2020-28133 | 89 |  | +Priv Sql Bypass | 2020-11-17 | 2020-12-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php.

36 | CVE-2020-28115 | 89 |  | Exec Code Sql | 2020-11-05 | 2020-11-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    SQL injection vulnerability in the "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter.

37 | CVE-2020-28091 | 89 |  | Sql | 2020-11-18 | 2020-12-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None
    cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter in search.php.

38 | CVE-2020-28074 | 89 |  | Sql Bypass | 2020-12-23 | 2020-12-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    SourceCodester Online Health Care System 1.0 is affected by SQL injection, which allows a potential attacker to bypass the authentication system and become an admin.

39 | CVE-2020-28073 | 89 |  | Sql Bypass | 2020-12-23 | 2020-12-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    SourceCodester Library Management System 1.0 is affected by SQL injection, allowing an attacker to bypass user authentication and impersonate any user on the system.

40 | CVE-2020-28070 | 89 |  | Exec Code Sql | 2020-12-23 | 2020-12-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the 'id' parameter.

41 | CVE-2020-27995 | 89 |  | Exec Code Sql | 2020-10-29 | 2020-11-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    SQL injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.

42 | CVE-2020-27886 | 89 |  | Sql | 2020-10-29 | 2020-11-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php).

43 | CVE-2020-27848 | 89 |  | Sql | 2020-12-30 | 2021-01-04 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of REST endpoints do not sanitize the orderBy parameter, and in some cases it is vulnerable to SQL injection attacks. A user must be an authenticated manager in the dotCMS system to exploit this vulnerability.

44 | CVE-2020-27660 | 89 |  | Exec Code Sql | 2020-11-30 | 2020-12-22 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
    SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.

45 | CVE-2020-27615 | 89 |  | Sql XSS | 2020-10-21 | 2020-10-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.

46 | CVE-2020-27481 | 89 |  | Sql | 2020-11-12 | 2020-11-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    An unauthenticated SQL injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of a "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to reach the function "gdlr_lms_cancel_booking", where the POST parameter "id" was sent straight into a SQL query without sanitization.

47 | CVE-2020-27207 | 416 |  | DoS Exec Code Sql | 2020-11-26 | 2020-12-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial
    Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read.

48 | CVE-2020-26944 | 89 |  | Sql | 2020-10-16 | 2020-10-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A time-based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited directly, and remotely.

49 | CVE-2020-26935 | 89 |  | Sql | 2020-10-10 | 2021-03-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query.

50 | CVE-2020-26805 | 89 |  | Sql | 2020-11-12 | 2020-11-17 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    In Sentrifugo 3.2, an admin can edit an employee's information via the endpoint /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, the "employeeNumId" parameter is affected by a SQLi vulnerability. An attacker can inject SQL commands into the query and read data from or write data to the database.
Total number of vulnerabilities: 460 (this is page 1 of 10)