CVE-2018-16384

Опубликовано: 03 сент. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {ab} where a is a special function name (such as "if") and b is the SQL statement to be executed.

Ссылки

https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1167
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00033.html
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1167
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00033.html

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:owasp:owasp_modsecurity_core_rule_set:*:*:*:*:*:*:*:*

Версия до 3.0.2 (включая)

cpe:2.3:a:owasp:owasp_modsecurity_core_rule_set:3.1.0:rc1:*:*:*:*:*:*

cpe:2.3:a:owasp:owasp_modsecurity_core_rule_set:3.1.0:rc3:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00058

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2018-16384

CVSS3: 7.5

ubuntu

больше 7 лет назад

A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed.

CVE-2018-16384

CVSS3: 7.5

debian

больше 7 лет назад

A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Co ...

GHSA-8r55-w857-fcgj

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 18%

0.00058

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89