CVEs-PoC/2020/CVE-2020-9483.md
2024-05-25 21:48:12 +02:00


### [CVE-2020-9483](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9483)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20SkyWalking&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
### Description
**Resolved** When using H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through the GraphQL protocol has a SQL injection vulnerability, which allows access to unexpected data. In Apache SkyWalking 6.0.0 to 6.6.0 and 7.0.0, the H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0ps/pocassistdb
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/ArrestX/--POC
- https://github.com/CLincat/vulcat
- https://github.com/DSO-Lab/pocscan
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/HaleBera/A-NOVEL-CONTAINER-ATTACKS-DATASET-FOR-INTRUSION-DETECTION
- https://github.com/HaleBera/A-NOVEL-CONTAINER-ATTACKS-DATASET-FOR-INTRUSION-DETECTION-Deployments
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/MeterianHQ/api-samples-python
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/Neko-chanQwQ/CVE-2020-9483
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Veraxy00/SkywalkingRCE-vul
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/jweny/pocassistdb
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/shanika04/apache_skywalking
- https://github.com/soosmile/POC