Описание
GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL.
Ссылки
- Exploit
- Exploit
- Patch
- Patch
- Vendor Advisory
- Exploit
- Exploit
- Patch
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.8.3 (включая)
Одно из
cpe:2.3:a:greensql:greensql_firewall:*:*:*:*:*:*:*:*
cpe:2.3:a:greensql:greensql_firewall:0.3.4:*:*:*:*:*:*:*
cpe:2.3:a:greensql:greensql_firewall:0.3.5:*:*:*:*:*:*:*
cpe:2.3:a:greensql:greensql_firewall:0.8.2:*:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00467
Низкий
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
больше 3 лет назад
GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL.
EPSS
Процентиль: 64%
0.00467
Низкий
7.5 High
CVSS2
Дефекты
CWE-89