漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in waterline-sequel 0.50 that will get executed and have full access to the database.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
waterline-sequel 安全漏洞
Vulnerability Description
waterline-sequel是一个用于从Waterline查询语言生成SQL查询的辅助库。 waterline-sequel 0.50版本中存在安全漏洞。攻击者可利用该漏洞注入并执行SQL语句,获取数据库的全部访问权限。
CVSS Information
N/A
Vulnerability Type
N/A