Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-3754 Vulnerability in npm package query-mysql

Description

Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.

Remediation

References

https://hackerone.com/reports/311244

Related Vulnerabilities

CVE-2023-45885 Vulnerability in npm package openmct

CVE-2021-23362 Vulnerability in maven package org.webjars.npm:hosted-git-info

CVE-2020-7636 Vulnerability in npm package adb-driver

CVE-2020-13410 Vulnerability in npm package aedes

CVE-2010-3863 Vulnerability in maven package org.jsecurity:jsecurity

Severity

Critical

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory