SQL injection

nounid 4217·updated May 9, 2026

candidate

GlossaryL1 — what DictionaryL2 — how used ThesaurusL3 — relations Universaleverything

Results from failure of the application to appropriately validate input. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design. (MITRE)

MWE

Classifications

per-axis with provenance

Entity Type

Threat90%rule-basedr:entity.threat.attack.v1

Sensitivity

unclassified

Information Class

unclassified

Variants

3 surface forms

plural: SQL injections
possessive: SQL injection's
pluralpossessive: SQL injections'

Framework definitions

2 senses across 2 frameworks

SANS Glossary of Security Terms1 senseview framework →

§1: SQL injection is a type of input validation attack specific to database-driven applications where SQL code is inserted into application queries to manipulate the database.

ISACA Cybersecurity Glossary1 senseview framework →

§1: Results from failure of the application to appropriately validate input. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design. (MITRE)

Outgoing relationships

term as subject — 0 triples

No outgoing triples

This term is not the subject of any RDF-style relationship yet.

Incoming relationships

term as object — 0 triples

No incoming triples

No other term currently asserts a relationship to this one.