MidnightBSD

Advisories for greensql

CVE-2008-6992 HIGH

GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
greensql greensql_firewall *
greensql greensql_firewall 0.3.5
greensql greensql_firewall 0.8.2
greensql greensql_firewall 0.3.4