input : shell commands filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query

input : shell commands filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query

input : shell commands filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query

input : shell commands filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query

input : shell commands filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query

input : shell commands filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query

input : shell commands filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query

input : shell commands filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query

input : shell commands filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query

The SQL Injection is not possible because the arguments are validated. The code complexity is in the call of another function to perform the MySQL query.

The SQL Injection is possible because the arguments are not validated. The code complexity is in the call of another function to perform the MySQL query.

The SQL Injection is not possible because the arguments are validated.

The SQL Injection is possible if the arguments are not validated.

The SQL Injection is not possible because the arguments are validated before the MySQL query.

The SQL Injection is possible because the arguments are not validated before the MySQL query.

This servlet implements a fixed SQL injection vulnerability with a scope complexity: a SQL request is sent to the database after testing if the current name takes part of the allowed ones.

This servlet implements a fixed SQL injection vulnerability with an array index complexity: a SQL request is sent to the database after testing if the current name takes part of the allowed ones.

This servlet implements a fixed SQL injection vulnerability: a SQL request is sent to the database after testing if the current name takes part of the allowed ones.

This servlet implements an SQL injection vulnerability with a scope complexity: an unsanitized SQL request is sent to the database.

This servlet implements an SQL injection vulnerability with an array index complexity: an unsanitized SQL request is sent to the database.

This servlet implements an SQL injection vulnerability: an unsanitized SQL request is sent to the database.

The test case shows an SQL Injection in a PHP script. The defense mechanism is escaping the dangerous characters for the SQL query such as \', \" etc.

The test case shows an SQL Injection. The defense mechanism is the typecasting of the input variables.

The test case shows an SQL Injection in a PHP script.

Tainted data spliced into a SQL query leads to a SQL injection issue. (fixed version)