Lucene search
HistoryOct 03, 2022 - 4:13 p.m.
CVE-2008-6992
cve-2008-6992
greensql firewall
greensql-fw
sql injection
bypass
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8 High
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.6%
GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as “x=y=z”, which is successfully parsed by MySQL.
Affected configurations
Node
greensqlgreensql_firewallRange≤0.8.3
ORgreensqlgreensql_firewallMatch0.3.4
ORgreensqlgreensql_firewallMatch0.3.5
ORgreensqlgreensql_firewallMatch0.8.2
Related
prion
prion
Sql injection
2009-08-19 05:24:00
cvelist
cvelist
CVE-2008-6992
2022-10-03 16:13:49
seebug
seebug
GreenSQL防火墙WHERE从句绕过SQL检测漏洞
2009-09-04 00:00:00
nvd
nvd
CVE-2008-6992
2009-08-19 05:24:52
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8 High
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.6%
Related for CVE-2008-6992