SQL Injection


The application is vulnerable to SQL injection. It uses user-supplied data to construct SQL database queries, so an attacker can submit input that changes the structure of SQL statements and effectively bypasses application logic. Once the attacker can control the application’s SQL syntax, they can send commands directly to the database with the same privileges as the application in order to query or update application data.
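
The behaviour described above, shown as an added example that is not part of the original finding text: a query built by string concatenation beside the same query with a bound parameter, run against an in-memory SQLite database. The table, column and function names and the sample rows are assumptions made for this illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data, for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders (owner, item) VALUES (?, ?)",
        [("alice", "laptop"), ("bob", "phone"), ("o'brien", "camera")],
    )
    return db


def orders_vulnerable(db, owner):
    # Input is concatenated into the statement, so the database parses it as
    # SQL syntax and it can change the structure of the WHERE clause.
    query = "SELECT item FROM orders WHERE owner = '" + owner + "' ORDER BY id"
    return [row[0] for row in db.execute(query)]


def orders_parameterized(db, owner):
    # Input is bound to a placeholder: it is only ever compared as a value.
    query = "SELECT item FROM orders WHERE owner = ? ORDER BY id"
    return [row[0] for row in db.execute(query, (owner,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "alice' OR '1'='1"  # constructed input containing SQL syntax

    print("vulnerable, normal input :", orders_vulnerable(db, "alice"))
    print("vulnerable, crafted input:", orders_vulnerable(db, crafted))
    print("bound, crafted input     :", orders_parameterized(db, crafted))

    # A legitimate value containing a quote breaks the concatenated query,
    # which is often the first visible symptom of the flaw.
    try:
        orders_vulnerable(db, "o'brien")
    except sqlite3.OperationalError as exc:
        print("vulnerable, quoted name  : error:", exc)
    print("bound, quoted name       :", orders_parameterized(db, "o'brien"))
```

With the concatenated query, the crafted value returns every owner's rows, while the bound version returns none because no owner has that literal name.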

Custom Description


Risk Rating


How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas


