CVE-2020-19248

MEDIUM Year: 2020
CVSS v3 Score
5.1
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in a malicious user's ability to contaminate template content by searching for page contamination URLs, thus triggering vulnerabilities when the program uses eval statements to parse templates.

Related Vulnerabilities

CVE-2020-5428

MEDIUM
CVSS:5.1(Medium)

In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.

CWE-892020

CVE-2023-33770

MEDIUM
CVSS:5.1(Medium)

Real Estate Management System v1.0 was discovered to contain a SQL injection vulnerability via the message parameter at /contact.php.

CWE-892023

CVE-2024-24101

MEDIUM
CVSS:5.1(Medium)

Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update.

CWE-892024

CVE-2024-30872

MEDIUM
CVSS:5.1(Medium)

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /include/authrp.php.

CWE-892024

CVE-2025-25991

MEDIUM
CVSS:5.1(Medium)

SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.

CWE-892025

CVE-2025-25992

MEDIUM
CVSS:5.1(Medium)

SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component.

CWE-892025