Description
The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.
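An added example, not part of the original entry, showing the weakness described above with SQL as the query language and Python's sqlite3 module as the data store. The table, function names and sample inputs are constructed for illustration; the weak form is shown beside a hardened form that binds values and allowlists identifiers.

```python
import sqlite3

SORTABLE = {"owner", "body"}  # identifiers the caller may sort by

def make_store():
    """Constructed in-memory data store holding two owners' records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    db.executemany("INSERT INTO notes VALUES (?, ?)",
                   [("alice", "alice-note"), ("bob", "bob-note")])
    return db

def notes_weak(db, owner):
    # Weak: the value is spliced into the query text, so quotes and
    # operators inside it become part of the query logic.
    query = "SELECT body FROM notes WHERE owner = '" + owner + "'"
    return [row[0] for row in db.execute(query)]

def notes_safe(db, owner, sort_by="body"):
    # Identifiers cannot be bound as parameters: check them against an allowlist.
    if sort_by not in SORTABLE:
        raise ValueError("unsupported sort column")
    # The query text is fixed; the value is bound and only compared as data.
    query = f"SELECT body FROM notes WHERE owner = ? ORDER BY {sort_by}"
    return [row[0] for row in db.execute(query, (owner,))]

# Constructed inputs: an ordinary value and one carrying special elements.
ORDINARY = "alice"
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_store()
    for value in (ORDINARY, CRAFTED):
        print(repr(value), "weak:", notes_weak(db, value))
        print(repr(value), "safe:", notes_safe(db, value))
```

With the crafted value, the weak function returns every owner's rows, while the hardened function returns none because the whole string is compared as a single owner name.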
Modes of Introduction:
– Implementation
Likelihood of Exploit:
Related Weaknesses
Consequences
Confidentiality, Integrity, Availability, Access Control: Bypass Protection Mechanism, Read Application Data, Modify Application Data, Varies by Context
Potential Mitigations
CVE References
- CVE-2014-2503: Injection using Documentum Query Language (DQL)
- CVE-2014-2508: Injection using Documentum Query Language (DQL)