Security Test: SQL Injection via Frontend¶
Description¶
Default Severity:
SQL injection happens when user input is concatenated directly into an SQL query without escaping or parameterization, so an attacker can change the structure of the query and run statements of their own. The impact ranges from unauthorized data access, modification or loss, through service disruption, to full control of the database host in some configurations. The root cause is trusting input from the frontend as safe: parameterized queries or prepared statements, which send values to the database separately from the SQL text, are the primary defense.
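As an added illustration (not part of this test's documentation and not the scanner's own detection logic), the following Python script shows the vulnerable concatenation pattern next to its parameterized fix against an in-memory SQLite table with constructed sample rows, plus a simple boolean-based probe of the kind used to tell the two apart. Table and column names, the sample users and the probe strings are assumptions made for the example.

```python
import sqlite3


def make_db():
    # Constructed sample data for the example; not from any real application.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    # The defect: frontend input is pasted straight into the SQL text, so any
    # quote or operator in it becomes part of the query's structure.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    # The fix: a placeholder in the SQL text and the value passed separately.
    # The driver never parses the value as SQL, whatever characters it holds.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Classic tautology payload: turns "username = ''" into a condition that is
# always true, so the vulnerable query returns every row.
PAYLOAD = "' OR '1'='1"


def looks_injectable(lookup, username="alice"):
    # Boolean-based probe (illustrative, not the scanner's algorithm): append a
    # condition that is true and one that is false to the same value. If the
    # result sets differ, the input is being interpreted as SQL. A safe endpoint
    # searches for the literal strings and returns the same (empty) result both times.
    true_probe = lookup(f"{username}' AND '1'='1")
    false_probe = lookup(f"{username}' AND '1'='2")
    return true_probe != false_probe


if __name__ == "__main__":
    conn = make_db()
    print("normal lookup:", find_user_vulnerable(conn, "alice"))
    print("vulnerable + payload:", find_user_vulnerable(conn, PAYLOAD))
    print("safe + payload:", find_user_safe(conn, PAYLOAD))
    print("vulnerable endpoint injectable?", looks_injectable(lambda u: find_user_vulnerable(conn, u)))
    print("safe endpoint injectable?", looks_injectable(lambda u: find_user_safe(conn, u)))
```

The probe is the more useful part for a frontend-facing test: the tautology payload only works when results are echoed back, while the true/false comparison also detects cases where the response merely differs (a row present or absent, a different page length) without any error message.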
Reference:
Configuration¶
Identifier:
frontend_injection/sql
Examples¶
All configuration available:
Compliance and Standards¶
Standard | Value |
---|---|
OWASP API Top 10 | API9:2023 |
OWASP LLM Top 10 | LLM06:2023 |
PCI DSS | 6.5.1 |
GDPR | Article-32 |
SOC2 | CC1 |
PSD2 | Article-95 |
ISO 27001 | A.14.2 |
NIST | SP800-53 |
FedRAMP | AC-7 |
CWE | 89 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:O/RC:C |
CVSS Score | 8.7 |