CVE-2015-1369

Sequelize <2.0.0-rc7 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter.

Exploits (1)

github WORKING POC 6 stars

by AikidoSec · javascriptpoc

https://github.com/AikidoSec/zen-0-days/tree/main/node/CVE-2015-1369

View Code ZIP pw:eip

References (3)

[Exploit] https://github.com/sequelize/sequelize/pull/2919

[Exploit] https://nodesecurity.io/advisories/sequelize-sql-injection-order

[Mailing List] http://www.openwall.com/lists/oss-security/2015/01/23/2

Scores

EPSS 0.0036

EPSS Percentile 57.8%

Classification

CWE

CWE-89

Status draft

Affected Products (2)

sequelize_project/sequelize < 2.0.0

npm/sequelize < 2.0.0-rc8npm

Timeline

Published Jan 27, 2015

Tracked Since Feb 18, 2026