Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1369

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2015-1369
Last Modified 28 Jan 2015 02:35:13
Published 27 Jan 2015 03:04:26
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1369

Summary

SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter.

Vulnerable Systems

Application

  • Sequelize Project Sequelize 2.0.0


References

CONFIRM - https://nodesecurity.io/advisories/sequelize-sql-injection-order

CONFIRM - https://github.com/sequelize/sequelize/pull/2919

MLIST - [oss-security] 20150122 CVE requests for nodejs marked VBScript Content Injection and sequelize SQL Injection in Order


Last Updated: 27 May 2016 11:07:38