CVE-2015-9244SQL Injection in Oracle Mysql

CWE-89SQL Injection6 documents5 sources
Severity
9.8CRITICALNVD
EPSS
0.9%
top 23.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Oracle MysqlMysqljs MysqlHackerone Mysql Node Module
Timeline
PublishedMay 29
Latest updateSep 1

Description

Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5hackerone/mysql_node_module<=v2.0.0-alpha7
npmoracle/mysql< 2.0.0-alpha8
NVDmysqljs/mysql0.9.6+1

🔴Vulnerability Details

4
GHSA
SQL Injection in mysql2020-09-01
OSV
SQL Injection in mysql2020-09-01
OSV
CVE-2015-9244: Keys of objects in mysql node module v22018-05-29
CVEList
CVE-2015-9244: Keys of objects in mysql node module v22018-05-29

📋Vendor Advisories

1
Debian
CVE-2015-9244: node-mysql - Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped w...2015
CVE-2015-9244 — SQL Injection in Oracle Mysql | cvebase