CVE-2020-9483

Published: 30/06/2020 Updated: 10/07/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

**Resolved.** When H2/MySQL/TiDB is used as Apache SkyWalking storage, metadata queries made through the GraphQL protocol are subject to a SQL injection vulnerability, which allows access to unexpected data. The H2/MySQL/TiDB storage implementations in Apache SkyWalking 6.0.0 to 6.6.0 and 7.0.0 don't use the appropriate way to set SQL parameters.

Vulnerable Product

apache skywalking

apache skywalking 7.0.0

Github Repositories

PoC of SQL Injection vul(CVE-2020-9483,Apache SkyWalking)

CVE-2020-9483: PoC of SQL Injection vul (CVE-2020-9483, Apache SkyWalking). Usage: python3 CVE-2020-9483.py -ip 127.0.0.1. You can use this script to get the database version by SQL injection. Click star if you like this script. If you find this PoC helpful, please give it a star. Result: XD

A set of sample calls to the Meterian API in Python

Python sample API scripts. A set of sample calls to the Meterian API in Python: use simple Python scripts to leverage the power of the Meterian API. You will need to install the 'requests' Python library (pip3 install requests). You will need a token to use these tools! All these tools will require an API token from Meterian. This is available for any paid plan, and

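Skywalking remote code execution vulnerability verification

SkywalkingRCE-vul: Skywalking remote code execution vulnerability. It is an injection point left over from the incomplete fixes for CVE-2020-9483 and CVE-2020-13921, and it can be further exploited to execute code. Vulnerability links: github.com/apache/skywalking/pull/6246/files, mp.weixin.qq.com/s/hB-r523_4cM0jZMBOt6Vhw. Environment: the Skywalking test environment runs JDK18; the malicious class is compiled with JDK17.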