CVE-2020-9483
Description
**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.
NVD
Severity: HIGH
CVE ID: CVE-2020-9483
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Proof Of Concept
Nuclei Templates for CVE-2020-9483
Refrence: Project Discovery GitHub
shanika04
CVE-2020-9483 OR CVE-2020-13921
Refrence: GitHub
Neko-chanQwQ
PoC of SQL Injection vul(CVE-2020-9483,Apache SkyWalking)
Refrence: GitHub
Content on GitHub
CLincat | watchers:105
vulcat
vulcat可用于扫描Web端常见的CVE、CNVD等编号的漏洞,发现漏洞时会返回Payload信息。部分漏洞还支持命令行交互模式,可以持续利用漏洞
Refrence: GitHub