CVE-2018-3754

HIGH

query-mysql 0.0.0-0.0.2 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-3754. PoCs published by bl4de.

Description

Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.

Exploits (1)

github NO CODE

by bl4de · poc

https://github.com/bl4de/CVEs/tree/master/CVE-2018-3754

View Code ZIP pw:eip

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://hackerone.com/reports/311244

Scores

CVSS v3 8.8

EPSS 0.0024

EPSS Percentile 46.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (4)

npm/query-mysql 0npm

query-mysql_project/query-mysql 0.0.0

query-mysql_project/query-mysql 0.0.1

query-mysql_project/query-mysql 0.0.2

Published Jul 03, 2018

Tracked Since Feb 18, 2026