SQL Injection (Application Vulnerability)

Summary

SQL Injection is a type of security vulnerability that occurs when an application does not properly sanitize user input before using it in a database query. The vulnerability potentially allows an attacker to arbitrarily manipulate the queries sent to the database layer. This type of vulnerability is usually considered medium/high severity, since private data can be leaked or the integrity of stored data can be affected.

Types

  • Unsanitized or improperly sanitized escape characters
  • Weak-typed user input handling
  • Blind SQL injection
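The following is an added example (not code from the original page) illustrating the first two types above: a lookup that concatenates user input into SQL text next to its parameterized form, plus an integer-typed lookup that validates the input before binding it. The in-memory SQLite table and its two rows are constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed sample database: two users in an in-memory SQLite table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "alice@example.com"), (2, "bob", "bob@example.com")],
    )
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable: the input is spliced into the SQL text, so an unescaped
    quote in `name` changes the structure of the WHERE clause."""
    query = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """Hardened: a bound parameter is passed to the driver as data and is
    never parsed as SQL, whatever characters it contains."""
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()


def lookup_by_id(conn, raw_id):
    """Weak-typed input handling, fixed: an id taken from a request is a
    string, so enforce the integer type first and then bind it. Returns
    None when the input is not a well-formed integer."""
    try:
        user_id = int(raw_id)
    except (TypeError, ValueError):
        return None
    return conn.execute(
        "SELECT id, name FROM users WHERE id = ?", (user_id,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(lookup_safe(db, "alice"))
    print(lookup_by_id(db, "2"))
```

Running the two lookups on the same crafted input shows the difference: the concatenated query returns every row, while the parameterized query simply finds no user with that literal name.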