Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-3754 Vulnerability in npm package query-mysql

Description

Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.

Remediation

References

https://hackerone.com/reports/311244

Related Vulnerabilities

CVE-2019-14653 Vulnerability in maven package org.webjars.bower:editor.md

CVE-2022-1291 Vulnerability in npm package tableexport.jquery.plugin

CVE-2022-1365 Vulnerability in npm package cross-fetch

CVE-2020-35728 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2022-35961 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts

Severity

Critical

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory