CVE-2020-22669
PUBLISHED
ModSecurity owasp-modsecurity-crs 3.2.0 (at paranoia level PL1) has a SQL injection bypass vulnerability. Attackers can use comment characters and variable assignments in SQL syntax to bypass ModSecurity WAF protection and carry out SQL injection attacks on web applications.
EPSS 0.26% · 49.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | modsecurity-crs | 0, 3.2.0-1, 3.1.1-1 |
| Ubuntu:22.04:LTS | modsecurity-crs | 0, 3.3.0-1, 3.3.2-1 |
| Ubuntu:18.04:LTS | modsecurity-crs | 3.0.0-3, 3.0.2-1, 0 |
| Ubuntu:25.10 | modsecurity-crs | 3.3.7-1, 0 |
| Ubuntu:16.04:LTS | modsecurity-crs | 2.2.9-1, 0 |
| Ubuntu:24.04:LTS | modsecurity-crs | 0, 3.3.5-2, 3.3.5-1 |
Timeline
- Sep 2, 2022 CVE Published
- Sep 3, 2022 EPSS Score
- Oct 18, 2022 EPSS Score
- Dec 3, 2022 EPSS Score
- Jan 17, 2023 EPSS Score
- Mar 3, 2023 EPSS Score
- Apr 17, 2023 EPSS Score
- Jun 2, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Aug 31, 2023 EPSS Score
- Oct 15, 2023 EPSS Score
- Nov 30, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-22669 third-party-advisory
- https://github.com/coreruleset/coreruleset/pull/1793 third-party-advisory
- https://github.com/coreruleset/coreruleset/commit/1a6e9e097587cecc038f1a1a76fc067c7797bbcd third-party-advisory
- https://github.com/coreruleset/coreruleset/commit/909cab560b56f998faee88dd8a7aa9cf086d2d9f third-party-advisory
- https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1727 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-22669 third-party-advisory