cve/2018/CVE-2018-3754.md

### [CVE-2018-3754](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3754)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.

### POC

#### Reference
- https://hackerone.com/reports/311244

#### Github
- https://github.com/314ga/SecurityCourse-SQLInjection
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-3754](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3754)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.`

			`### POC`

			`#### Reference`
			`- https://hackerone.com/reports/311244`

			`#### Github`
			`- https://github.com/314ga/SecurityCourse-SQLInjection`