MidnightBSD

Advisories for query-mysql_project

CVE-2018-3754 MEDIUM

Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
query-mysql_project query-mysql 0.0.0
query-mysql_project query-mysql 0.0.1
query-mysql_project query-mysql 0.0.2