MikroORM SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability exists in MikroORM, a TypeScript ORM for Node.js, in versions prior to 6.6.10 and 7.0.6. The flaw is that specially crafted objects are interpreted as raw SQL query fragments, so their contents end up inside the generated SQL. It is exploitable when user-controlled input is passed directly to MikroORM's query construction APIs; whether this leads to SQL injection in practice depends on the database and the query being executed.
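Added example, not code from MikroORM or from this advisory: one defensive pattern for the condition described above is to never hand a caller-supplied object to the query builder, but to rebuild the `where` object from an allowlist of columns and scalar types. The call site `em.find(User, ...)`, the `USER_FILTER_SPEC` column list and the sample filters are constructed for illustration.

```typescript
// Added example, not MikroORM's own code. Untrusted JSON filters are rebuilt into a
// fresh plain object that only carries allowlisted columns with scalar (or array of
// scalar) values, so no caller-supplied object shape reaches the ORM's query builder.
// Assumed call site: `em.find(User, buildWhere(req.body.filter, USER_FILTER_SPEC))`.

type Scalar = string | number | boolean;
type ScalarType = 'string' | 'number' | 'boolean';
type FieldSpec = Record<string, ScalarType>;
type Where = Record<string, Scalar | Scalar[]>;

// Constructed allowlist: which columns may be filtered on, and with what scalar type.
const USER_FILTER_SPEC: FieldSpec = { email: 'string', active: 'boolean', id: 'number' };

function isPlainObject(v: unknown): v is Record<string, unknown> {
  return typeof v === 'object' && v !== null && Object.getPrototypeOf(v) === Object.prototype;
}

// Throws on anything that is not an allowlisted column compared against a scalar of the
// declared type (an array of scalars becomes an IN list). Nested objects, operator-style
// keys such as "$ne", prototype keys and unknown columns are rejected, not passed through.
function buildWhere(input: unknown, spec: FieldSpec): Where {
  if (!isPlainObject(input)) throw new Error('filter must be a plain JSON object');
  const where: Where = {};
  for (const key of Object.keys(input)) {
    // hasOwnProperty (not `spec[key]`) so "__proto__"/"constructor" are not found via the prototype
    if (!Object.prototype.hasOwnProperty.call(spec, key)) throw new Error(`column not filterable: ${key}`);
    const expected = spec[key];
    const value = input[key];
    const items = Array.isArray(value) ? value : [value];
    if (items.length === 0) throw new Error(`empty IN list for ${key}`);
    for (const item of items) {
      if (typeof item !== expected) throw new Error(`${key} must be ${expected}`);
    }
    where[key] = Array.isArray(value) ? (items as Scalar[]) : (items[0] as Scalar);
  }
  return where;
}
```

The ORM still parameterises the scalar values; the point of the allowlist is that only the shapes you chose, built by your own code, ever reach it.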

Impact

A successful attack lets an attacker inject and execute malicious SQL fragments, potentially reading sensitive data or manipulating the database.

Remediation

Upgrade to MikroORM 6.6.10 or later on the 6.x line, or 7.0.6 or later on the 7.x line, to address this vulnerability.

Added: Mar 31, 2026, 4:44 PM
Updated: Mar 31, 2026, 4:44 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 6.6
remediation: 0.0
relevance: 5.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.