Vulnerability Database

319,703

Total vulnerabilities in the database

CVE-2020-22669

Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.

Published: Sep 2, 2022
Updated: Nov 4, 2025
CVE: CVE-2020-22669
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
owasp / owasp_modsecurity_core_rule_set	3.2.0	3.2.0.x
debian / debian_linux	10.0	10.0.x

https://github.com/coreruleset/coreruleset/pull/1793
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1727
https://lists.debian.org/debian-lts-announce/2023/01/msg00033.html
https://lists.debian.org/debian-lts-announce/2025/08/msg00004.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo