CVE-2017-9246

CRITICAL

New Relic .NET Agent <6.3.123.0 - SQL Injection

Description

New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.

Scores

CVSS v3 9.8
EPSS 0.0025
EPSS Percentile 48.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (2)
newrelic/.net_agent < 6.2.26.0
nuget/NewRelic.Agent 0 - 6.3.123.0 (NuGet)
Published Jun 13, 2017
Tracked Since Feb 18, 2026