The invention provides a vulnerability detection method. The vulnerability detection method comprises the steps of creating a set quantity of detection execution statements; sending the detection execution statements to a detection server, thereby obtaining return time delays corresponding to the detection execution statements; according to time parameters of the detection execution statements and the returned time delays, obtaining judgment parameters corresponding to the detection server; and according to the judgment parameters corresponding to the detection server, determining common gateway interface injection vulnerabilities of the detection server. The invention furthermore provides a vulnerability detection apparatus. According to the vulnerability detection method and apparatus, the vulnerabilities of the detection server are determined through the time parameters of the detection execution statements and the returned time delays, so that the detection accuracy is high; and the detection can be supported by all MySQL databases, so that the compatibility is strong.