CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-22669

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1360%
EPSS Percentile9.38th
Published2022年9月2日
Last Modified2025年11月3日

Vulnerability Description

Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.

Affected Platforms (CPE)

📦
Owasp

Owasp Modsecurity Core Rule Set

= 3.2.0
💻
Debian

Debian Linux

= 10.0

References & Advisories

🔗 https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1727
🔗 https://github.com/coreruleset/coreruleset/pull/1793
🔗 https://lists.debian.org/debian-lts-announce/2023/01/msg00033.html
🔗 https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1727
🔗 https://github.com/coreruleset/coreruleset/pull/1793
🔗 https://lists.debian.org/debian-lts-announce/2023/01/msg00033.html
🔗 https://lists.debian.org/debian-lts-announce/2025/08/msg00004.html

関連する脆弱性情報

CVE-2021-353689.8

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypas...

CVE-2018-163847.5

A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {...

CVE-2019-134647.5

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PH...

CVE-2019-113895.3

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf all...