CVE-2016-10551 - AskarLabs CVE Database

CVE-2016-10551

Vendor Hackerone

Product waterline-sequel node module

Weakness CWE-89 · SQLi

Published May 29, 2018

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in waterline-sequel 0.50 that will get executed and have full access to the database.

Key dates

02Disclosure timeline

May 29, 2018 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2016-10551 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2023-2090 SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection CVE-2026-45054 CubeCart: Authenticated SQL Injection via `sort[]` Parameter in Admin Orders Transactions Listing CVE-2025-14899 CodeAstro Real Estate Management System Administrator Endpoint stateadd.php sql injection CVE-2026-10608 DedeCMS carbuyaction.php RemoveXSS sql injection CVE-2025-31343