SQL Injection

Impact: High

Description

SQL injection is a type of attack where malicious SQL queries are inserted into input data, allowing attackers to manipulate the database. Successful exploitation can lead to data theft, modification of database records, unauthorized access, and even control over the entire database management system (DBMS).

Recommendation

Prevent SQL injection by using prepared statements or parameterized queries instead of concatenating user input into SQL queries directly. If prepared statements are not feasible, ensure proper input validation and sanitization. Employ whitelists to restrict user input wherever possible.

References

CWE-20
CWE-89
OWASP 2021-A3
OWASP: ESAPI project
OWASP: SQL Injection
Wikipedia: Prepared statement

👉 You might also like:

SQL Injection

Description

Recommendation

References

Blind SQL Injection - Vulnerability

Possible SQL Injection - Vulnerability

Joomla! Component Com_cbcontact 'contact_id' SQLI - Vulnerability

Joomla! Component Com_rsgallery2 2.0 'catid' SQLI - Vulnerability

This issue is available in SmartScanner Professional