CVE Vulnerability

CVE-2008-6992

GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://osvdb.org/48910 Exploit
http://sla.ckers.org/forum/read.php?16,24367
http://www.greensql.net/security Vendor Advisory
http://bugs.mysql.com/bug.php?id=39337 Exploit
http://www.greensql.net/node/98 Patch
http://www.greensql.net/node/89 Patch
Configurations

Configuration 1

cpe:2.3:a:greensql:greensql_firewall:0.3.4:*:*:*:*:*:*:*
cpe:2.3:a:greensql:greensql_firewall:*:*:*:*:*:*:*:*
cpe:2.3:a:greensql:greensql_firewall:0.3.5:*:*:*:*:*:*:*
cpe:2.3:a:greensql:greensql_firewall:0.8.2:*:*:*:*:*:*:*
Information

Published : 2009-08-19 05:24

Updated : 2009-08-19 05:24

NVD link : CVE-2008-6992

Mitre link : CVE-2008-6992

Products Affected

Greensql

CWE
CWE-89