CVE-2016-10551
CVE-2016-10551
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 1.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
29 may 2018Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in waterline-sequel 0.50 that will get executed and have full access to the database.
Productos afectados
HackerOne · waterline-sequel node module¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →