Description
An SQL injection occurs when a value originating from the client's request is used within a SQL query without prior sanitisation. Query escape functions or placeholders are normally relied on to prevent SQL injections. However, mysqljs/mysql escapes values differently depending on their type, which can cause unexpected behavior when an attacker passes a parameter with a different value type.
This injection was detected because the scanner was able to bypass the authentication mechanism and access an authenticated page.
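One way to enforce the expected value type before a request parameter reaches a mysqljs/mysql placeholder, shown as an added example that is not part of the original plugin description or of mysqljs/mysql. The field names, the length limit and the Express-style middleware shape are assumptions.

```javascript
// Added example: type-check credential fields before they reach a placeholder.
// Field names, the length limit and the sample bodies are constructed.

// Returns a list of problems; an empty list means every field is a plain string.
function checkStringFields(body, fields, maxLen = 256) {
  const problems = [];
  const isObj = body !== null && typeof body === 'object';
  for (const name of fields) {
    const own = isObj && Object.prototype.hasOwnProperty.call(body, name);
    const value = own ? body[name] : undefined;
    if (typeof value !== 'string') {
      const kind = value === null ? 'null'
        : Array.isArray(value) ? 'array' : typeof value;
      problems.push(`${name}: expected string, got ${kind}`);
    } else if (value.length === 0 || value.length > maxLen) {
      problems.push(`${name}: length out of range`);
    }
  }
  return problems;
}

// Express-style middleware: answer 400 instead of running the query.
function requireStrings(fields) {
  return function (req, res, next) {
    const problems = checkStringFields(req.body, fields);
    if (problems.length > 0) {
      res.statusCode = 400;
      res.end(JSON.stringify({ error: 'invalid parameter type', problems }));
      return;
    }
    next();
  };
}

// Constructed bodies, shaped as a JSON body parser would deliver them.
const SAMPLE_BODIES = [
  { username: 'alice', password: 'correct horse' },  // strings: accepted
  { username: 'alice', password: { key: 'value' } }, // object: rejected
  { username: ['alice'], password: 'x' },            // array: rejected
  { username: 'alice', password: 12345 },            // number: rejected
  { username: 'alice' },                             // missing: rejected
];

// One boolean per sample: true when the body may proceed to the query.
function runSamples() {
  return SAMPLE_BODIES.map(
    (b) => checkStringFields(b, ['username', 'password']).length === 0);
}
```

mysqljs/mysql also has a `stringifyObjects` connection option; setting it to `true` makes the driver stringify objects instead of converting them to values.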
Products, Sensors, and Dependencies
Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
---|---|---|---|---|---|---|
Tenable.io-WAS | | Web Applications | Authenticated Scan | HTTP/HTTPS | SQL Injection | Plugin ID: 113069 |