CVE-2008-6992

Name of the Vulnerable Software and Affected Versions GreenSQL Firewall (greensql-fw) versions prior to 0.9.2 or 0.9.4

Description The issue allows remote attackers to bypass the SQL injection protection mechanism. This can be achieved via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL.

Recommendations For GreenSQL Firewall (greensql-fw) versions prior to 0.9.2 or 0.9.4, update to version 0.9.2 or 0.9.4 to resolve the issue. As a temporary workaround, consider restricting the use of complex WHERE clauses until a patch is applied.