GreenSQL Firewall 0.9.x - WHERE Clause Security Bypass

Author: Johannes Dahse
type: remote
platform: multiple
port: 
date_added: 2009-09-02  
date_updated: 2014-05-06  
verified: 1  
codes: CVE-2008-6992;OSVDB-48910  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 33203.txt  

source: https://www.securityfocus.com/bid/36209/info

GreenSQL Firewall is prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions. Successfully exploiting this issue may aid in SQL attacks on the underlying application.

The following sample SQL expression is available:

x=y=z