Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-22669

Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.

Published

2022-09-02T18:15:11.607

Last Modified

2024-11-21T05:13:21.890

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	owasp	owasp_modsecurity_core_rule_set	3.2.0	Yes
Operating System	debian	debian_linux	10.0	Yes

References

https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1727 Exploit, Issue Tracking, Third Party Advisory ([email protected])
https://github.com/coreruleset/coreruleset/pull/1793 Exploit, Issue Tracking, Patch, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2023/01/msg00033.html Mailing List, Third Party Advisory ([email protected])
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1727 Exploit, Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/coreruleset/coreruleset/pull/1793 Exploit, Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/01/msg00033.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)