Description
GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Johannes Dahse · text · remote · multiple
https://www.exploit-db.com/exploits/33203
References (6)
Core References
Various Sources x_refsource_misc
http://sla.ckers.org/forum/read.php?16%2C24367
Vendor Advisory x_refsource_confirm
http://www.greensql.net/security
Exploit x_refsource_misc
http://bugs.mysql.com/bug.php?id=39337
Exploit vdb-entry x_refsource_osvdb
http://osvdb.org/48910
Patch x_refsource_misc
http://www.greensql.net/node/89
Patch x_refsource_misc
http://www.greensql.net/node/98
Scores
EPSS: 0.0035
EPSS Percentile: 57.3%
Details
CWE: CWE-89
Status: published
Products (4)
greensql/greensql_firewall: 0.3.4
greensql/greensql_firewall: 0.3.5
greensql/greensql_firewall: 0.8.2
greensql/greensql_firewall: < 0.8.3
Published: Aug 19, 2009
Tracked Since: Feb 18, 2026