CVE-2020-9483

Description

**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.

NVD
Severity: HIGH
CVE ID: CVE-2020-9483
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2020-9483

Refrence: Project Discovery GitHub

shanika04

CVE-2020-9483 OR CVE-2020-13921

Refrence: GitHub

Neko-chanQwQ

PoC of SQL Injection vul(CVE-2020-9483,Apache SkyWalking)

Refrence: GitHub

Content on GitHub

CLincat | watchers:105

vulcat
vulcat可用于扫描Web端常见的CVE、CNVD等编号的漏洞，发现漏洞时会返回Payload信息。部分漏洞还支持命令行交互模式，可以持续利用漏洞

Refrence: GitHub

Description​

Proof Of Concept​

Content on GitHub​

Description

Proof Of Concept

Content on GitHub