Raw SQL query flagged in vulnerability testing #702
Comments
Could we have comment on this from the dev team? My app also got flagged for this now.
Bumping this. This is also causing an issue on our application.
Showing as a medium issue in pen test. Can someone look into mitigation?
hi @Prashoor, which tool are you using? could you share the log or its screenshot?
@MohitIH Seems to be a long time since you made this post. Do you happen to have any updates on this issue, by chance? I am also experiencing the same in my current project.
When testing my application for vulnerabilities using MobSF it flagged com\mixpanel\android\mpmetrics\MPDbAdapter.java for using raw SQL queries which can lead to SQL injection attacks. Here's the report:
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
Severity : High
CVSS V2: 5.9 (medium)
CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
OWASP Top 10: M7: Client Code Quality
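As an added illustration (not code from mixpanel-android or from MPDbAdapter), the query shape a CWE-89 finding warns about next to the same operations written with Android's SQLiteDatabase bind arguments; the `EventsDao` class, the `events`/`people` tables and their columns are constructed for this example.

```java
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import java.util.Arrays;
import java.util.List;

/** Constructed example: a small DAO over a hypothetical "events" table. */
public class EventsDao {
    // Identifiers cannot be bound as parameters, so table names come from an allowlist.
    private static final List<String> TABLES = Arrays.asList("events", "people");
    private final SQLiteDatabase db;

    public EventsDao(SQLiteDatabase db) { this.db = db; }

    /** The shape a CWE-89 finding warns about: a caller-supplied value spliced into SQL text. */
    public int countForTokenUnsafe(String table, String token) {
        String sql = "SELECT COUNT(*) FROM " + table + " WHERE token = '" + token + "'";
        Cursor c = db.rawQuery(sql, null);   // a quote character in token changes the statement
        try { return c.moveToFirst() ? c.getInt(0) : 0; } finally { c.close(); }
    }

    /** Same query with the value bound; SQLite treats it as data, never as SQL. */
    public int countForToken(String table, String token) {
        String sql = "SELECT COUNT(*) FROM " + checkTable(table) + " WHERE token = ?";
        Cursor c = db.rawQuery(sql, new String[] { token });
        try { return c.moveToFirst() ? c.getInt(0) : 0; } finally { c.close(); }
    }

    /** Deletion through the typed API; whereArgs are bound the same way. */
    public int deleteOlderThan(String table, long cutoffMillis) {
        return db.delete(checkTable(table), "created_at <= ?",
                new String[] { String.valueOf(cutoffMillis) });
    }

    /** execSQL also accepts bind arguments for statements that return no rows. */
    public void insertEvent(String table, String token, String json, long createdAt) {
        db.execSQL("INSERT INTO " + checkTable(table) + " (token, data, created_at) VALUES (?, ?, ?)",
                new Object[] { token, json, createdAt });
    }

    /** Reject any table name that is not one of ours before it reaches the SQL text. */
    private static String checkTable(String table) {
        if (!TABLES.contains(table)) {
            throw new IllegalArgumentException("unknown table: " + table);
        }
        return table;
    }
}
```

A finding like the one above is raised on the presence of raw SQL calls, so triage means checking whether any part of the statement string can be influenced by data from outside the app; with every value bound as in `countForToken`, the remaining risk is in identifiers, which the allowlist covers.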