Package illustrating a test case

Test case 149187

Type: source code
Pairs: 149188-v2.0.0
State: bad
Author: NIST, Alexander Hoole, Aurelien Delaitre
Status: candidate
Language: C
Submission Date: 23 Mar 2015

Description

The SQL Injection is possible because the arguments are not validated before the MySQL query.

Flaws

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Test Suites

C Test Suite for Source Code Analyzer v2 - Vulnerable

Have any comments on this test case? Please, send us an email.