Unsanitized user input in SQL catalog configuration
Rule ID: java_lang_information_leakage
Applicable Languages: Java
Weakness ID: CWE-15
Using unsanitized user input to configure a SQL Connection's catalog can lead to serious security vulnerabilities. If an attacker controls the catalog name passed to the setCatalog method, they can redirect the connection to a catalog the application never intended to use, causing harmful or unintended actions within the application.
Do not use direct user input for setting the SQL database's catalog. Always sanitize or validate input before using it in your database configuration.
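The pattern the rule flags beside a hardened form, as an added example that is not part of the original page or of any scanner's own code. The allowlist contents, the identifier pattern and the class name are assumptions; selecting from an application-defined allowlist rather than sanitizing the raw string is the approach shown.

```java
import java.sql.Connection;
import java.sql.SQLException;
import java.util.Set;
import java.util.regex.Pattern;

public class CatalogSelection {

    // Vulnerable: the catalog name comes straight from the request (CWE-15).
    static void selectCatalogUnsafe(Connection conn, String requestedCatalog) throws SQLException {
        conn.setCatalog(requestedCatalog);
    }

    // Hardened: the application decides which catalogs a request may switch to.
    // Constructed allowlist; a real service would derive it from authorization data.
    private static final Set<String> ALLOWED_CATALOGS = Set.of("sales", "inventory");

    // Defence in depth: even allowlisted names must look like a plain identifier,
    // so a misconfigured allowlist cannot introduce quoting or separator characters.
    private static final Pattern IDENT = Pattern.compile("^[A-Za-z_][A-Za-z0-9_]{0,63}$");

    static String validateCatalog(String requested) {
        if (requested == null
                || !IDENT.matcher(requested).matches()
                || !ALLOWED_CATALOGS.contains(requested)) {
            throw new IllegalArgumentException("catalog not permitted");
        }
        // Only a value that exactly matches an allowlist entry reaches setCatalog.
        return requested;
    }

    static void selectCatalogSafe(Connection conn, String requestedCatalog) throws SQLException {
        conn.setCatalog(validateCatalog(requestedCatalog));
    }

    public static void main(String[] args) {
        // Constructed sample inputs: only the first is permitted; the others are
        // rejected because they are unknown, carry trailing whitespace, differ in case, or are absent.
        for (String input : new String[] {"sales", "master", "sales ", "Sales", null}) {
            try {
                System.out.println(input + " -> accepted as " + validateCatalog(input));
            } catch (IllegalArgumentException e) {
                System.out.println(input + " -> rejected");
            }
        }
    }
}
```

The main method exercises the validator without a database; selectCatalogSafe needs a live Connection obtained through a JDBC driver.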
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our