PT-2018-13536 · Owasp · Owasp Modsecurity Core Rule Set

Publicado

2018-09-03

Atualizado

2024-03-18

CVE-2018-16384

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions OWASP ModSecurity Core Rule Set versions prior to 3.1.0-rc4

Description A SQL injection bypass issue exists, allowing attackers to bypass security controls. This is achieved by using a special syntax {ab}, where ais a special function name, such asif, and b` is the SQL statement to be executed.

Recommendations For versions prior to 3.1.0-rc4, update to a version that includes the fix for this issue.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2018-16384

DLA-3293-1

MGASA-2024-0070

Produtos afetados

Owasp Modsecurity Core Rule Set

PT-2018-13536 · Owasp · Owasp Modsecurity Core Rule Set

CVE-2018-16384

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 36