RSS   Vulnerabilities for
'Owasp modsecurity core rule set'
   RSS

2018-09-02
 
CVE-2018-16384

CWE-89
 

 
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed.

 

 >>> Vendor: Trustwave 5 Products
Secure web gateway
Modsecurity
Webdefend
Owasp modsecurity core rule set
Mailmarshal


Copyright 2024, cxsecurity.com

 

Back to Top