CVE-2017-9246

New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:newrelic:.net_agent:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-06-13 18:29

Updated : 2023-12-10 12:15


NVD link : CVE-2017-9246

Mitre link : CVE-2017-9246

CVE.ORG link : CVE-2017-9246


JSON object : View

Products Affected

newrelic

  • .net_agent
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')