CVSS: 9.9EPSS: 0%CPEs: 26EXPL: 0CVE-2023-22579 – Sequalize - Unsafe fall-through in getWhereConditions
https://notcve.org/view.php?id=CVE-2023-22579
Due to improper parameter filtering in the sequalize js library, can a attacker peform injection. • https://csirt.divd.nl/CVE-2023-22579 https://csirt.divd.nl/DIVD-2022-00020 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2023-22578 – Sequalize - Default support for “raw attributes” when using parentheses
https://notcve.org/view.php?id=CVE-2023-22578
Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections. • https://csirt.divd.nl/CVE-2023-22578 https://csirt.divd.nl/DIVD-2022-00020 • CWE-790: Improper Filtering of Special Elements •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2023-22580 – Sequalize - Bad query filtering leading to SQL errors
https://notcve.org/view.php?id=CVE-2023-22580
Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure. Tiki Wiki CMS Groupware versions 24.0 and below suffers from a PHP object injection vulnerability in grid.php. • https://csirt.divd.nl/CVE-2023-22580 https://csirt.divd.nl/DIVD-2022-00020 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •