SQL Injection
SQL Injection occurs when untrusted input is concatenated into SQL queries, enabling execution of unintended commands.
#appsec #cwe #capec
Last updated: 2025-09-02T00:00:00.000Z
Differences across sources
Parallel sources use distinct terminology or emphasize different aspects.
Review each citation to understand scope and normative intent.
Evidence
CWE CWE-89 Normative evidence
CAPEC CAPEC-66 Informative evidence
Mappings
CWE-89 CAPEC-66
More context
Use parameterized queries, least privilege, and input validation to prevent injection.
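The three controls above, shown side by side with the concatenated query they replace. This is an added example, not taken from the cited sources; the table, function names and sample input are constructed, and SQLite's `PRAGMA query_only` stands in for a least-privilege database account.

```python
import sqlite3

def make_db():
    """Constructed in-memory database with two sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    db.commit()
    return db

def find_user_concat(db, name):
    """Vulnerable form: untrusted input becomes part of the SQL text."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def find_user_param(db, name):
    """Parameterized form: the SQL text is constant, the value is bound as data."""
    return db.execute("SELECT name, role FROM users WHERE name = ?",
                      (name,)).fetchall()

def valid_name(name):
    """Input validation as a second layer: allow-list of characters and length."""
    return name.isalnum() and len(name) <= 32

def restrict_to_reads(db):
    """Least privilege stand-in: this connection may no longer modify data."""
    db.execute("PRAGMA query_only = ON")
    return db

def write_blocked(db):
    """Return True if the connection refuses a data-modifying statement."""
    try:
        db.execute("DELETE FROM users")
    except sqlite3.Error:
        return True
    return False

if __name__ == "__main__":
    db = restrict_to_reads(make_db())
    crafted = "nobody' OR '1'='1"           # constructed sample input
    print("concatenated :", find_user_concat(db, crafted))  # every row
    print("parameterized:", find_user_param(db, crafted))   # no rows
    print("passes validation:", valid_name(crafted))
    print("write blocked:", write_blocked(db))
```

The concatenated query returns every row because the quote in the input ends the string literal and the rest is parsed as SQL; the bound parameter is compared as a literal name and matches nothing.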