Lucene search
Veracode Vulnerability DatabaseVERACODE:25794HistoryJul 01, 2020 - 3:09 a.m.
SQL Injection
2020-07-0103:09:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
26
0.051 Low
EPSS
Percentile
93.0%
Apache SkyWalking is vulnerable to SQL injection. The function getLinearIntValues in H2MetricsQueryDAO.java does not sanitize the user-provided ID parameter to the SQL query StringBuilder when H2/MySQL/TiDB is used as storage, allowing an attacker to provide arbitrary string to construct malicious SQL statements.
| CPE | Name | Operator | Version |
|---|---|---|---|
| storage-jdbc-hikaricp-plugin | eq | 7.0.0 | |
| storage-jdbc-hikaricp-plugin | le | 6.6.0 |
Related
nuclei
nuclei
SkyWalking SQLI
2021-03-21 04:54:00
osv
osv
CVE-2020-9483
2020-06-30 15:15:10
cvelist
cvelist
CVE-2020-9483
2020-06-30 14:28:35
nvd
nvd
CVE-2020-9483
2020-06-30 15:15:10
prion
prion
Sql injection
2020-06-30 15:15:00
checkpoint_advisories
checkpoint_advisories
Apache SkyWalking Storage SQL Injection (CVE-2020-9483)
2020-12-28 00:00:00
githubexploit
githubexploit
Exploit for SQL Injection in Apache Skywalking
2021-07-19 06:50:17
Exploit for SQL Injection in Apache Skywalking
2021-01-06 13:22:32
cve
cve
CVE-2020-9483
2020-06-30 15:15:10