CVE-2020-22669
N/A
N/A
Summary
Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1727
- https://github.com/coreruleset/coreruleset/pull/1793
- https://lists.debian.org/debian-lts-announce/2023/01/msg00033.html
- https://lists.debian.org/debian-lts-announce/2025/08/msg00004.html
References
- https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1727
- https://github.com/coreruleset/coreruleset/pull/1793
- https://lists.debian.org/debian-lts-announce/2023/01/msg00033.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.