Описание
New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.2.26.0 (включая)
cpe:2.3:a:newrelic:.net_agent:*:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.0025
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
EPSS
Процентиль: 48%
0.0025
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89