CAPEC-66: SQL Injection

Abstraction: Standard
Status: Draft
Likelihood: High
Severity: High

Description

This attack exploits target software that constructs SQL statements from user input. An attacker crafts input strings so that, when the target software builds SQL statements from that input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from the application's failure to appropriately validate input.

Related weaknesses (2)

CWE-89, CWE-1286

Related attack patterns (1)

CAPEC-248 (ChildOf)

Exploits (2)

Type     | Target                                                                              | Confidence | Tier
Weakness | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) | 100%       | live
Weakness | Improper Validation of Syntactic Correctness of Input (CWE-1286)                     | 100%       | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Command Injection
CAPEC: XML Injection
CAPEC: Command Line Execution through SQL Injection
CAPEC: Argument Injection
CAPEC: LDAP Injection
CAPEC: SQL Injection through SOAP Parameter Tampering

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.