SQL injection

nouncandidate·updated May 9, 2026

GlossaryL1 — what DictionaryL2 — how used ThesaurusL3 — relations Universaleverything

Results from failure of the application to appropriately validate input. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design. (MITRE)

MWE

Classifications

per-axis with provenance

Entity Type

Threat90%rule-basedr:entity.threat.attack.v1

?unassignedlast reviewed —

Sensitivity

unclassified

Information Class

unclassified

Variants

3 surface forms

plural: SQL injections
possessive: SQL injection's
pluralpossessive: SQL injections'

Continue to:Dictionary →How is this term used per framework?Thesaurus →How does this term relate to other terms?Universal →Everything in one page.