Modsecurity CRS 3.2.0 SQLi Bypass via Comments/Variables
CVE-2020-22669 Published on September 2, 2022

Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.

NVD

Products Associated with CVE-2020-22669

stack.watch emails you whenever new vulnerabilities are published in Owasp Modsecurity Core Rule Set or Debian Linux. Just hit a watch button to start following.

Owasp Modsecurity Core Rule Set

Debian Linux

Exploit Probability

EPSS

0.21%

Percentile

43.55%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Modsecurity CRS 3.2.0 SQLi Bypass via Comments/VariablesCVE-2020-22669 Published on September 2, 2022

Products Associated with CVE-2020-22669

Exploit Probability

Modsecurity CRS 3.2.0 SQLi Bypass via Comments/Variables
CVE-2020-22669 Published on September 2, 2022