Tag Archives: CWE- 943

CWE-943 – Improper Neutralization of Special Elements in Data Query Logic

Read Time:28 Second

Description

The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

Modes of Introduction:

– Implementation

Likelihood of Exploit:

 

Related Weaknesses

CWE-74

 

Consequences

Confidentiality, Integrity, Availability, Access Control: Bypass Protection Mechanism, Read Application Data, Modify Application Data, Varies by Context

 

Potential Mitigations

CVE References