PT-2018-13536 · Owasp · Owasp Modsecurity Core Rule Set

Published

2018-09-03

Updated

2024-03-18

CVE-2018-16384

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions OWASP ModSecurity Core Rule Set versions prior to 3.1.0-rc4

Description A SQL injection bypass issue exists, allowing attackers to bypass security controls. This is achieved by using a special syntax {ab}, where ais a special function name, such asif, and b` is the SQL statement to be executed.

Recommendations For versions prior to 3.1.0-rc4, update to a version that includes the fix for this issue.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-16384

DLA-3293-1

MGASA-2024-0070

Affected Products

Owasp Modsecurity Core Rule Set

PT-2018-13536 · Owasp · Owasp Modsecurity Core Rule Set

CVE-2018-16384

Weakness Enumeration

Related Identifiers

Affected Products

References · 36