CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-3754

Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 48.0%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://hackerone.com/reports/311244
https://hackerone.com/reports/311244

Products affected by CVE-2018-3754

Query-Mysql Project » Query-Mysql » Version: 0.0.0

cpe:2.3:a:query-mysql_project:query-mysql:0.0.0
Query-Mysql Project » Query-Mysql » Version: 0.0.1

cpe:2.3:a:query-mysql_project:query-mysql:0.0.1
Query-Mysql Project » Query-Mysql » Version: 0.0.2

cpe:2.3:a:query-mysql_project:query-mysql:0.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-3754

Products

Pricing

Contact Us