CWE-943 - Improper Neutralization of Special Elements in Data Query Logic


The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query. Depending on the capabilities of the query language, an attacker could inject additional logic into the query to: modify the intended selection criteria, thus changing which data entities are returned, modified, or otherwise manipulated, append additional commands to the query, return more entities than intended, return fewer entities than intended, cause entities to be sorted in an unexpected way. This weakness is caused during implementation of an architectural security tactic.

Latest vulnerabilities for CWE-943


Description of CWE-943 on Mitre website