SQL injection - Code
Description
Dynamic SQL statements are generated without the required data validation and without using parameterized statements or stored procedures.
Impact
Inject SQL statements, with the possibility of obtaining information about the database as well as extracting information from it.
Recommendation
Perform database queries by means of parameterized statements or stored procedures.
Threat
Authenticated attacker from the Internet.
Expected Remediation Time
⏱️ 30 minutes.
Rules
Php Sql Injection Concat Query
Python Sql Injection Unstrusted Data
Dart Raw Sql Injection
Typescript Nest Mysql Injection
Typescript Nest Sqlite Injection
Swift Tainted Sql Injection
Typescript Sql Injection Untrusted Input
Go Gorm Sql Injection
Javascript Sql Injection Untrusted Input
Typescript Nest Typeorm Sql Injection
Java Sql Injection Untrusted Input
Dart Insecure Storage Sql Injection
Ruby Sql Injection User Input
Typescript Nest Sequelize Sql Injection
Scala Unsafe Xquery Injection
Scala Tainted Sql Injection
Go Query String Sql Injection
Python Rawsql With Unvalidated Input
Php Raw Sql Injection
Typescript Nest Pg Sql Injection
Kotlin Raw Sql Injection
Python Drivers Sql Injection
Typescript Nest Mssql Injection
Typescript Nest Oracle Sql Injection