1 results (0.001 seconds)
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2015-1369
https://notcve.org/view.php?id=CVE-2015-1369
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter. Vulnerabilidad de inyección SQL en Sequelize anterior a 2.0.0-rc7 para Node.js permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro order. • http://www.openwall.com/lists/oss-security/2015/01/23/2 https://github.com/sequelize/sequelize/pull/2919 https://nodesecurity.io/advisories/sequelize-sql-injection-order • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •