CWE-89

GPTKB entity

Statements (24)
Predicate Object
gptkbp:instanceOf gptkb:Common_Weakness_Enumeration
gptkbp:affects Databases
gptkbp:affects Web Applications
gptkbp:category gptkb:Injection
gptkbp:cause gptkb:Privilege_Escalation
gptkbp:cause gptkb:Data_Breach
gptkbp:cause gptkb:Authentication_Bypass
gptkbp:cause Data Loss
gptkbp:describes Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
gptkbp:example SELECT * FROM users WHERE username = '$user' AND password = '$pass';
gptkbp:firstPublished 2006
gptkbp:hasCWE 89
https://www.w3.org/2000/01/rdf-schema#label CWE-89
gptkbp:maintainedBy gptkb:MITRE_Corporation
gptkbp:name gptkb:SQL_Injection
gptkbp:prevention Stored Procedures
gptkbp:prevention Input Validation
gptkbp:prevention Use of Prepared Statements
gptkbp:relatedTo gptkb:OWASP_Top_10
gptkbp:relatedTo CWE-564
gptkbp:relatedTo CWE-943
gptkbp:bfsParent gptkb:CWE
gptkbp:bfsParent gptkb:CVE-2023-34362
gptkbp:bfsLayer 7