CVE-2016-10554 - AskarLabs CVE Database

CVE-2016-10554

Vendor Hackerone

Product sequelize node module

Weakness CWE-89 · SQLi

Published May 31, 2018

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escaping.

Key dates

02Disclosure timeline

May 31, 2018 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2016-10554 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2026-2279 myLinksDump <= 1.6 - Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters CVE-2021-24943 Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection CVE-2024-10296 PHPGurukul Medical Card Generation System Report of Medical Card Page card-bwdates-reports-details.php sql injection CVE-2025-7198 code-projects Jonnys Liquor admin-area.php sql injection CVE-2025-8924 Campcodes Online Water Billing System viewbill.php sql injection