Test cases - NIST Software Assurance Reference Dataset

Displaying test cases 15476 - 15500 of 74755 in total

CWE-89

61190-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 02 Control flow: if(true) and...
CWE-89

61189-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 01 Baseline
CWE-89

61188-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 71 Data flow: data passed as an...
CWE-89

61187-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 68 Data flow: data passed as a ...
CWE-89

61186-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 67 Data flow: data passed in a ...
CWE-89

61185-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 66 Data flow: data passed in an...
CWE-89

61184-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 61 Data flow: data returned fro...
CWE-89

61183-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 54 Data flow: data passed as an...
CWE-89

61182-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 53 Data flow: data passed as an...
CWE-89

61181-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 53 Data flow: data passed as an...
CWE-89

61180-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 52 Data flow: data passed as an...
CWE-89

61179-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 51 Data flow: data passed as an...
CWE-89

61178-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 45 Data flow: data passed as a ...
CWE-89

61177-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 42 Data flow: data returned fro...
CWE-89

61176-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 41 Data flow: data passed as an...
CWE-89

61175-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 31 Data flow: make a copy of da...
CWE-89

61174-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 19 Control flow: Dead code afte...
CWE-89

61173-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 17 Control flow: for loops
CWE-89

61172-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 16 Control flow: while(true) an...
CWE-89

61171-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 15 Control flow: switch(6) and ...
CWE-89

61170-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 14 Control flow: if(IO.static_f...
CWE-89

61169-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 13 Control flow: if(IO.static_f...
CWE-89

61168-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 12 Control flow: if(IO.static_r...
CWE-89

61167-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 11 Control flow: if(IO.static_r...
CWE-89

61166-v1.0.0

Added 15 years ago

deprecated

mixed

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 10 Control flow: if(IO.static_t...

Results per page