Modsecurity OWASP Modsecurity-CRS 3.2.0 SQL Injection Bypass Vulnerability

CVE-2020-22669 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) 3.2.0, running at paranoia level 1 (PL1), has a SQL injection bypass vulnerability. Attackers can use comment characters and variable assignments in SQL syntax to bypass ModSecurity WAF protection and carry out SQL injection attacks against web applications.
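To check whether a deployment matches the configuration named above (CRS 3.2.0 at PL1), the following added example, which is not part of the original advisory or the CRS project, reads a `crs-setup.conf` and reports the active setup version and paranoia level. It assumes the stock CRS 3.x layout, where `tx.crs_setup_version` and `tx.paranoia_level` are set through `SecAction` `setvar` actions and the level defaults to 1 when unset; the sample file and the function names are constructed for illustration.

```python
import re

# Constructed sample crs-setup.conf (not taken from a real deployment).
SAMPLE_CONF = r'''
# -- Paranoia Level Initialization --
#SecAction \
#  "id:900000,\
#   phase:1,\
#   nolog,\
#   pass,\
#   t:none,\
#   setvar:tx.paranoia_level=2"

SecAction \
 "id:900990,\
  phase:1,\
  nolog,\
  pass,\
  t:none,\
  setvar:tx.crs_setup_version=320"
'''

SETVAR = re.compile(r"setvar:'?tx\.(paranoia_level|crs_setup_version)=(\d+)", re.I)

def active_settings(conf_text):
    """Return tx variables set by uncommented directives (last one wins)."""
    found = {}
    for line in conf_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("#"):
            continue  # a commented-out SecAction has no effect
        for name, value in SETVAR.findall(stripped):
            found[name.lower()] = int(value)
    return found

def audit(conf_text):
    """Flag the combination the advisory names: setup version 320 at PL1."""
    s = active_settings(conf_text)
    version = s.get("crs_setup_version")
    # Assumption: CRS falls back to paranoia level 1 when the file leaves it unset.
    level = s.get("paranoia_level", 1)
    return {
        "crs_setup_version": version,
        "paranoia_level": level,
        "matches_advisory": version == 320 and level == 1,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

`crs_setup_version` describes the setup file rather than the installed rule files, so confirm the rule set version separately; a `False` result only means the configuration differs from the one the advisory names.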