What is the severity of CVE-2015-9244?

CVE-2015-9244 is considered a critical vulnerability due to the potential for SQL Injection.

How do I fix CVE-2015-9244?

To fix CVE-2015-9244, upgrade to a version of the mysql node module later than 2.0.0-alpha7 that properly escapes object keys.

What types of applications are affected by CVE-2015-9244?

Applications using the mysql node module versions 2.0.0-alpha7 and earlier are affected by CVE-2015-9244.

What is the exploitation risk of CVE-2015-9244?

The exploitation risk of CVE-2015-9244 includes unauthorized access and manipulation of the database, potentially leading to data breaches.

Is CVE-2015-9244 related to specific database operations?

Yes, CVE-2015-9244 is specifically related to database operations involving unescaped object keys in SQL queries.

Vulnerability/
CVE-2015-9244

critical

9.8

CWE

29/5/2018

16/9/2024

CVE-2015-9244: SQL Injection

First published: Tue May 29 2018(Updated: )

Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.

Credit: support@hackerone.com

Affected Software	Affected Version	How to fix
MySQL	<=0.9.6
MySQL	=2.0.0-alpha
MySQL	=2.0.0-alpha2
MySQL	=2.0.0-alpha3
MySQL	=2.0.0-alpha4
MySQL	=2.0.0-alpha7
MySQL	=2.0.0-preview

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-9244?
CVE-2015-9244 is considered a critical vulnerability due to the potential for SQL Injection.
How do I fix CVE-2015-9244?
To fix CVE-2015-9244, upgrade to a version of the mysql node module later than 2.0.0-alpha7 that properly escapes object keys.
What types of applications are affected by CVE-2015-9244?
Applications using the mysql node module versions 2.0.0-alpha7 and earlier are affected by CVE-2015-9244.
What is the exploitation risk of CVE-2015-9244?
The exploitation risk of CVE-2015-9244 includes unauthorized access and manipulation of the database, potentially leading to data breaches.
Is CVE-2015-9244 related to specific database operations?
Yes, CVE-2015-9244 is specifically related to database operations involving unescaped object keys in SQL queries.

agent/references
agent/type
agent/softwarecombine
agent/severity
agent/weakness
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/mysqljs
canonical/mysql
version/mysql/0.9.6
version/mysql/2.0.0-alpha
version/mysql/2.0.0-alpha2
version/mysql/2.0.0-alpha3
version/mysql/2.0.0-alpha4
version/mysql/2.0.0-alpha7
version/mysql/2.0.0-preview

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.