Displaying test cases 1 - 25 of 113211 in total
-
input : direct user input in string Xpath replace char sink : SQL query
-
input : direct user input in string Xpath replace char sink : SQL query
-
input : direct user input in string filtering : remove all '\', '*', '(', ')', 'u0000', '/' in parameter sink : SQL query
-
Command line args filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query
-
Command line args filtering : check if there is only numbers sink : SQL query
-
input : shell commands filtering : check if there is only numbers sink : SQL query
-
input : shell commands filtering : check if there is only numbers sink : SQL query
-
Command line args no filtering sink : SQL query
-
input : shell commands no filtering sink : SQL query
-
input : shell commands no filtering sink : SQL query
-
The SQL Injection is not possible because the arguments are validated before the MySQL query.
-
The SQL Injection is possible because the arguments are not validated before the MySQL query.
-
CWE: 89 SQL Injection BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which ...
-
The code updates database table. User-controlled data are sanitized by using SQL parameters.
-
The code updates database table. Data are sanitized by using SQL parameters.
-
The code updates database table. User-controlled data are sanitized by using SQL parameters.
-
This code implements SQL Injection vulnerability in a "Loop" structure, data provided by the client in the text box is written as is to SQL query, without any filtering
-
This code implements SQL Injection vulnerability in a "Scope" structure, data provided by the client in the text box is written as is to SQL query, without any filtering
-
This code implements SQL Injection vulnerability, data provided by the client in the text box is written as is to SQL query, without any filtering
-
The test case has a SQL Injection weakness in a array index complexity source code.
-
The test case has a SQL Injection weakness in a array index complexity source code.
-
The test case has a SQL Injection weakness in a Scope complexity.
-
The test case has a SQL Injection weakness in a Scope complexity.
-
The test case has a SQL Injection weakness.
-
The test case has a SQL Injection weakness.