

CVE-2020-9483

Description

**Resolved** When H2/MySQL/TiDB is used as Apache SkyWalking storage, metadata queries made through the GraphQL protocol are subject to a SQL injection vulnerability, which allows access to unexpected data. In Apache SkyWalking 6.0.0 to 6.6.0 and 7.0.0, the H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.

POC

Reference

No PoCs from references.

Github

- https://github.com/0day404/vulnerability-poc

- https://github.com/0ps/pocassistdb

- https://github.com/20142995/nuclei-templates

- https://github.com/AMH-glitch/CHWA-LB-IDSDATASET

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/ArrestX/--POC

- https://github.com/CLincat/vulcat

- https://github.com/DSO-Lab/pocscan

- https://github.com/DrAmmarMoustafa/CHASE-LB-Container-Dataset

- https://github.com/DrAmmarMoustafa/CHASE-LB-Container-IDS-Dataset

- https://github.com/Elsfa7-110/kenzer-templates

- https://github.com/HaleBera/A-NOVEL-CONTAINER-ATTACKS-DATASET-FOR-INTRUSION-DETECTION

- https://github.com/HaleBera/A-NOVEL-CONTAINER-ATTACKS-DATASET-FOR-INTRUSION-DETECTION-Deployments

- https://github.com/KayCHENvip/vulnerability-poc

- https://github.com/MeterianHQ/api-samples-python

- https://github.com/Miraitowa70/POC-Notes

- https://github.com/Neko-chanQwQ/CVE-2020-9483

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/Threekiii/Awesome-POC

- https://github.com/Veraxy00/SkywalkingRCE-vul

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/d4n-sec/d4n-sec.github.io

- https://github.com/developer3000S/PoC-in-GitHub

- https://github.com/jweny/pocassistdb

- https://github.com/n0-traces/cve_monitor

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/pen4uin/awesome-vulnerability-research

- https://github.com/pen4uin/vulnerability-research

- https://github.com/pen4uin/vulnerability-research-list

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/shanika04/apache_skywalking

- https://github.com/soosmile/POC

- https://github.com/tuaandatt/Apache-Skywalking-8.3.0

- https://github.com/tuaandatt/CVE-2020-9483---Apache-Skywalking-8.3.0