Описание
Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.
Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a ...
Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.
EPSS
9.8 Critical
CVSS3