Statements (14)
| Predicate | Object |
|---|---|
| gptkbp:instance_of |
gptkb:CEO
|
| gptkbp:bfsLayer |
6
|
| gptkbp:bfsParent |
gptkb:CWE-23
|
| gptkbp:affects |
Web applications.
|
| gptkbp:category |
Input Validation and Representation
|
| gptkbp:difficulty |
gptkb:High
|
| gptkbp:example |
User input is directly concatenated into an SQL query.
|
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-897
|
| gptkbp:impact |
Allows attackers to execute arbitrary SQL commands.
|
| gptkbp:is_described_as |
The software constructs all or part of an SQL command using externally-influenced data.
|
| gptkbp:is_protected_by |
Use prepared statements with parameterized queries.
|
| gptkbp:name |
Improper Neutralization of Special Elements used in an SQL Command (' SQL Injection')
|
| gptkbp:related_to |
SQL Injection
|
| gptkbp:security_features |
gptkb:CWE-89
|