ModSecurity owasp-modsecurity-crs 3.2.0 (at Paranoia Level PL1) has a SQL injection bypass vulnerability. Attackers can use comment characters and variable assignments in SQL syntax to bypass ModSecurity WAF protection and carry out SQL injection attacks on web applications.
References
Link | Resource |
---|---|
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1727 | Exploit Issue Tracking Third Party Advisory |
https://github.com/coreruleset/coreruleset/pull/1793 | Exploit Issue Tracking Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/01/msg00033.html | Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-09-02T00:00:00
Updated: 2023-01-30T00:00:00
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-22669
NVD Information
Status: Analyzed
Published: 2022-09-02T18:15:11.607
Modified: 2023-02-16T19:30:01.450
Link: CVE-2020-22669
Redhat Information
No data.