Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistHackeroneCVELIST:CVE-2016-10551
HistoryApr 26, 2018 - 12:00 a.m.

CVE-2016-10551

2018-04-2600:00:00
CWE-89
hackerone
www.cve.org

9.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.5%

JSON

waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline’s like, contains, startsWith, or endsWith will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in waterline-sequel 0.50 that will get executed and have full access to the database.

CNA Affected

[
  {
    "product": "waterline-sequel node module",
    "vendor": "HackerOne",
    "versions": [
      {
        "status": "affected",
        "version": "0.5.0"
      }
    ]
  }
]

Related

nodejs 1
osv 1
prion 1
nvd 1
github 1
cve 1
nodejs
nodejs
SQL Injection
2016-05-06 16:50:34
osv
osv
SQL Injection in waterline-sequel
2019-02-18 23:54:28
prion
prion
Hardcoded credentials
2018-05-29 20:29:00
nvd
nvd
CVE-2016-10551
2018-05-29 20:29:00
github
github
SQL Injection in waterline-sequel
2019-02-18 23:54:28
cve
cve
CVE-2016-10551
2018-05-29 20:29:00

9.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.5%

JSON
Related for CVELIST:CVE-2016-10551
nodejs1osv1prion1nvd1github1cve1