CVE-2023-42284

CRITICAL

Tyk - SQL Injection

Title source: rule

Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query.

nomisec WRITEUP

by andreysanyuk · poc

CVSS v3 9.8

EPSS 0.0934

EPSS Percentile 92.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89

Status published

Products (1)

tyk/tyk 5.0.3

Published Nov 07, 2023

Tracked Since Feb 18, 2026