DescriptionModsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having critical severity.
|National Vulnerability Database|
SUSE Timeline for this CVECVE page created: Sat Sep 3 02:01:01 2022
CVE page last modified: Wed Oct 26 22:41:36 2022