Description
New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-2049 | New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism. |
Github GHSA |
GHSA-2rvx-cvfc-mcp2 | New Relic .NET Agent contains SQL Injection |
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T17:02:43.903Z
Reserved: 2017-05-28T00:00:00.000Z
Link: CVE-2017-9246
No data.
Status : Modified
Published: 2017-06-13T18:29:00.187
Modified: 2026-06-17T01:27:44.600
Link: CVE-2017-9246
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
EUVD
Github GHSA