Critical severity9.8NVD Advisory· Published Jun 13, 2017· Updated May 13, 2026

CVE-2017-9246

Description

New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
NewRelic.AgentNuGet	< 6.3.123.0	6.3.123.0

Affected products

Newrelic/.net Agent
cpe:2.3:a:newrelic:.net_agent:*:*:*:*:*:*:*:*
Range: <=6.2.26.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.seanmcelroy.com/2017/05/26/sql-injection-with-new-relic-patched/nvdExploitThird Party Advisory
github.com/advisories/GHSA-2rvx-cvfc-mcp2ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-9246ghsaADVISORY
web.archive.org/web/20221202191459/https://blog.seanmcelroy.com/2017/05/26/sql-injection-with-new-relic-patchedghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000