CVE-2015-1369

LAB

Sequelize <2.0.0-rc7 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter.

Exploits (1)

github WORKING POC 6 stars

by AikidoSec · javascriptpoc

https://github.com/AikidoSec/zen-0-days/tree/main/node/CVE-2015-1369

View Code ZIP pw:eip

References (3)

[Exploit] https://github.com/sequelize/sequelize/pull/2919

[Exploit] https://nodesecurity.io/advisories/sequelize-sql-injection-order

[Mailing List] http://www.openwall.com/lists/oss-security/2015/01/23/2

Scores

EPSS 0.0036

EPSS Percentile 58.2%

Lab Environment

COMMUNITY

Community Lab

docker pull mysql:8.0

https://github.com/AikidoSec/zen-0-days

View in Library

Details

CWE

CWE-89

Status published

Products (2)

npm/sequelize 0 - 2.0.0-rc8npm

sequelize_project/sequelize < 2.0.0

Published Jan 27, 2015

Tracked Since Feb 18, 2026