Test cases - NIST Software Assurance Reference Dataset

Displaying test cases 22051 - 22075 of 113211 in total

CWE-89

253454-v1.0.0

Added 4 years ago

candidate

good

Source: _GET Sanitization: bin2hex Dataflow: assignment Context: sql_quotes Sink: mysqli_real_query_method_prm__<$>(db)
CWE-89

253290-v1.0.0

Added 4 years ago

candidate

good

Source: _REQUEST Sanitization: intval Dataflow: assignment Context: sql_plain Sink: pdo_query_prm__<$>(pdo)
CWE-89

253271-v1.0.0

Added 4 years ago

candidate

good

Source: _REQUEST Sanitization: bin2hex Dataflow: assignment Context: sql_plain Sink: pg_query_prm__<$>(db)
CWE-89

253216-v1.0.0

Added 4 years ago

candidate

good

Source: _GET Sanitization: crc32 Dataflow: assignment Context: sql_apostrophe Sink: mssql_sqlsrv_prepare_prm__<$>(db)
CWE-89

253014-v1.0.0

Added 4 years ago

candidate

good

Source: _REQUEST Sanitization: bindec Dataflow: assignment Context: sql_apostrophe Sink: mysqli_real_query_prm__<$>(db)
CWE-89

252986-v1.0.0

Added 4 years ago

candidate

good

Source: _GET Sanitization: intval Dataflow: assignment Context: sql_plain Sink: pdo_query_prm__<$>(pdo)
CWE-89

252942-v1.0.0

Added 4 years ago

candidate

good

Source: _COOKIE Sanitization: ord Dataflow: assignment Context: sql_apostrophe Sink: mysqli_multi_query_prm__<$>(db)
CWE-89

252782-v1.0.0

Added 4 years ago

candidate

good

Source: _GET Sanitization: floatval Dataflow: assignment Context: sql_apostrophe Sink: sqlite3_query_prm__<$>(db)
CWE-89

252770-v1.0.0

Added 4 years ago

candidate

bad

Source: _REQUEST Sanitization: addslashes Dataflow: assignment Context: sql_plain Sink: pdo_query_prm__<$>(pdo)
CWE-89

252664-v1.0.0

Added 4 years ago

candidate

good

Source: _COOKIE Sanitization: doubleval Dataflow: assignment Context: sql_apostrophe Sink: mysqli_multi_query_method_prm__<$>(db)
CWE-89

252535-v1.0.0

Added 4 years ago

candidate

good

Source: _GET Sanitization: bindec Dataflow: assignment Context: sql_apostrophe Sink: pdo_prepare_prm__<$>(pdo)
CWE-89

252522-v1.0.0

Added 4 years ago

candidate

bad

Source: _COOKIE Sanitization: nosanitization Dataflow: assignment Context: sql_apostrophe Sink: mysqli_real_query_method_prm__<$>(db)
CWE-89

252487-v1.0.0

Added 4 years ago

candidate

good

Source: _COOKIE Sanitization: hexdec Dataflow: assignment Context: sql_quotes Sink: sqlite3_query_prm__<$>(db)
CWE-89

252395-v1.0.0

Added 4 years ago

candidate

bad

Source: _REQUEST Sanitization: addslashes Dataflow: assignment Context: sql_plain Sink: mysqli_real_query_method_prm__<$>(db)
CWE-89

252392-v1.0.0

Added 4 years ago

candidate

bad

Source: getallheaders Sanitization: addslashes Dataflow: assignment Context: sql_plain Sink: db2_exec_prm__<$>(db)
CWE-89

252328-v1.0.0

Added 4 years ago

candidate

good

Source: _POST Sanitization: hexdec Dataflow: assignment Context: sql_plain Sink: mysqli_prepare_prm__<$>(db)
CWE-89

252244-v1.0.0

Added 4 years ago

candidate

good

Source: getallheaders Sanitization: crc32 Dataflow: assignment Context: sql_apostrophe Sink: mysqli_multi_query_prm__<$>(db)
CWE-89

252205-v1.0.0

Added 4 years ago

candidate

good

Source: _COOKIE Sanitization: crc32 Dataflow: assignment Context: sql_plain Sink: mysqli_multi_query_prm__<$>(db)
CWE-564

156515-v1.0.0

Added 10 years ago

candidate

bad

Using Hibernate to execute a dynamic SQL statement with built-in user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands. Metadata -Base program: Apache POI - Source Taint: SOCKET - Data Type: simple - Data Flow: basic - Control Flow: in...
CWE-564

156509-v1.0.0

Added 10 years ago

candidate

bad

Using Hibernate to execute a dynamic SQL statement with built-in user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands. Metadata - Base program: Apache Lenya - Source Taint: ENVIRONMENT_VARIABLE - Data Type: SIMPLE - Data Flow: IN...
CWE-564

156505-v1.0.0

Added 10 years ago

candidate

bad

Using Hibernate to execute a dynamic SQL statement with built-in user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands. Metadata -Base program: Apache Jena - Source Taint: FILE_CONTENTS - Data Type: void_pointer - Data Flow: basic - Co...
CWE-564

156504-v1.0.0

Added 10 years ago

candidate

bad

Using Hibernate to execute a dynamic SQL statement with built-in user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands. Metadata - Base program: Apache Lenya - Source Taint: ENVIRONMENT_VARIABLE - Data Type: VOID_POINTER - Data Fl...
CWE-564

156501-v1.0.0

Added 10 years ago

candidate

bad

Using Hibernate to execute a dynamic SQL statement with built-in user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands. Metadata - Base program: JTree - Source Taint: SOCKET - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: ...
CWE-564

156496-v1.0.0

Added 10 years ago

candidate

bad

Using Hibernate to execute a dynamic SQL statement with built-in user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands. Metadata -Base program: Elastic Search - Source Taint: FILE_CONTENTS - Data Type: void_pointer - Data Flow: var_arg...
CWE-564

156495-v1.0.0

Added 10 years ago

candidate

bad

Using Hibernate to execute a dynamic SQL statement with built-in user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands. Metadata - Base program: Apache Jena - Source Taint: SOCKET - Data Type: SIMPLE - Data Flow: ADDRESS_AS_CONSTA...

Results per page