GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| greensql | greensql_firewall | * |
| greensql | greensql_firewall | 0.3.5 |
| greensql | greensql_firewall | 0.8.2 |
| greensql | greensql_firewall | 0.3.4 |