CWE-89 refers to "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", a common software security weakness. Below is a detailed answer to your question: What CWE-89 is: CWE-89 is a security weakness that describes the problem that can arise when an application embeds user input directly into an SQL query without properly validating or escaping that input. This improper handling can lead to...
SQL Injection flaws occur when you create a SQL statement by building a String that includes untrusted data, such as input from a web form, cookie, or URL query-string.
We may come across flaws that are flagged for CWE 89 SQL Injection on perfectly parameterized PreparedStatements. This is because we realized that the SQL queries use variables for their table name or column name. For example: Class EmployeeDaoImpl{ Public Employee insertEmp(Employee employee){ .. .. .. /...
CWE-89: SQL Injection. SQL injection is a common attack technique in which an attacker injects malicious SQL code into user-supplied data in order to perform unauthorized operations on the database, such as deleting, modifying, querying, or adding data. To defend against SQL injection, developers should use parameterized queries or prepared statements and strictly validate and filter user input. CWE-20: Improper Input Validation (Improper Inp...
Description A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserMenu endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via...
CWE-89 C/C++ cpp/sql-injection Uncontrolled data in SQL query CWE-114 C/C++ cpp/uncontrolled-process-operation Uncontrolled process operation CWE-118 C/C++ cpp/offset-use-before-range-check Array offset used before range check CWE-118 C/C++ cpp/double-free Potential double free CWE-118 C/C+...
6. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 89 7. Use After Free 416 8. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 22 9. Cross-Site Request Forgery (CSRF) 352 10. Unrestricted Upload of File with Danger...
CWE-89 - improperly neutralizing special elements in SQL commands (SQL injection). Severity score: 22.11 CWE-20 - improperly validating input. Severity score: 20.63. CWE-125 - out-of-bounds reading. Severity score: 17.67. CWE-78 - improperly neutralizing special elements in operating system comma...
Veracode reports "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" (CWE 89) in ServiceStack OrmLite. Preface: In...
CWE-89 C# cs/sql-injection SQL query built from user-controlled sources CWE-90 C# cs/ldap-injection LDAP query built from user-controlled sources CWE-91 C# cs/xml-injection XML injection CWE-91 C# cs/xml/xpath-injection XPath injection CWE-93 C# cs/web/disabled-header-checking Header checki...