Test case 149099

Type: source code
Pairs: 149100-v2.0.0
State: bad
Author: NIST, Alexander Hoole, Aurelien Delaitre
Status: candidate
Language: C
Submission Date: 23 Mar 2015

Description

The SQL Injection is possible because the arguments are not validated. The code complexity is in the call of another function to perform the MySQL query.

Flaws

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Test Suites

C Test Suite for Source Code Analyzer v2 - Vulnerable

Have any comments on this test case? Please, send us an email.