Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
SQL Injection - Vulnerability Database

SQL Injection

Description

SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements that control a web application's database server.

Remediation

Use parameterized queries when dealing with SQL queries that contain user input. Parameterized queries allow the database to understand which parts of the SQL query should be considered as user input, therefore solving SQL injection.

References

SQL Injection (SQLi)
Prevent SQL injection vulnerabilities in PHP applications and fix them
SQL Injection - OWASP
Bobby Tables: A guide to preventing SQL injection
SQL Injection Cheet Sheets - Pentestmonkey

Related Vulnerabilities

Hibernate Query Language (HQL) Injection High
Common tags: Sql Injection
WordPress Plugin Abandoned Cart Lite for WooCommerce SQL Injection (5.8.1) High
Common tags: Sql Injection
WordPress Plugin Comments-wpDiscuz SQL Injection (5.3.5) High
Common tags: Sql Injection
WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder SQL Injection (1.13.35) High
Common tags: Sql Injection
WordPress Plugin Payment Form for PayPal Pro SQL Injection (1.1.64) High
Common tags: Sql Injection

Severity

Critical

Classification

CWE-89
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Sql Injection