18 matches found
📄 MikroORM 7.0.13 SQL Injection
MikroORM version 7.0.13 suffers from a remote SQL injection vulnerability. Exploit Title: MikroORM 7.0.13 - SQL Injection Google Dork: N/A Date: 2026-05-27 Exploit Author: cardosource Vendor Homepage: https://mikro-orm.io/ Software Link: https://github.com/mikro-orm/mikro-orm Version:...
CVE-2026-44680
MikroORM is vulnerable to SQL injection via runtime-controlled identifiers and JSON-path keys. The root cause is improper escaping in the identifier-quoting helper (Platform.quoteIdentifier and PostgreSQL/MSSQL overrides) and in JSON-path emitters (Platform.getSearchJsonPropertyKey, quoteJsonKey)...
CVE-2026-44680 MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys
MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...
MikroORM has SQL injection via runtime-controlled identifiers and JSON-path keys
Summary MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters Platform.getSearchJsonPropertyKey, quoteJsonKey did not properly escape characters that delimit the SQL identifier or string-literal context they emit into. When...
📄 Sequelize 6.37.7 SQL Injection
A remote SQL injection vulnerability exists Sequelize versions 6.37.7 and below in the JSON/JSONB where clause processing. When Sequelize parses a JSON path key containing ::, the value after :: is treated as a SQL cast type and is inserted into the generated SQL without proper validation. If an...
CVE-2026-33442 Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys.
Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash...
CVE-2026-33442
CVE-2026-33442 affects Kysely (TypeScript SQL query builder). In versions 0.28.12 and 0.28.13, the sanitizer for string literals only escapes single quotes, not backslashes, which under MySQL with BACKSLASH_ESCAPES can allow bypassing escaping in JSON path keys. This enables SQL injection via the...
GHSA-FR9J-6MVQ-FRCV Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys.
Summary The sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash before a single quote to neutralize the escaping, breaking out of the JSON path...
CVE-2026-32763 SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.
Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path...
CVE-2026-32763 SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.
Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path...
GHSA-WMRF-HV6W-MR66 SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.
Summary Kysely through 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path string literals '$.key' without escaping single quotes. An...
CVE-2019-10748
Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects...
CVE-2019-10749
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect...
GHSA-2598-2F59-RMHQ SQL Injection in sequelize
Versions of sequelize prior to 3.35.1 are vulnerable to SQL Injection. The package fails to sanitize JSON path keys in the Postgres dialect, which may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation Upgrade to version 3.35.1 or later...
SQL Injection in sequelize
Affected versions of sequelize are vulnerable to SQL Injection. The package fails to sanitize JSON path keys in the MariaDB and MySQL dialects, which may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation If you are using sequelize 5.x, upgrade to version...
SQL Injection
Overview Versions of sequelize prior to 3.35.1 are vulnerable to SQL Injection. The package fails to sanitize JSON path keys in the Postgres dialect, which may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation Upgrade to version 3.35.1 or later. References...
SQL Injection
Overview sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. Affected versions of this package are vulnerable to SQL Injection due to JSON path keys not being properly sanitized in the Postgres dialect. PoC by Snyk const Sequelize =...
SQL Injection
Overview sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. Affected versions of this package are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects. PoC by Snyk const Sequelize =...