-
Notifications
You must be signed in to change notification settings - Fork 366
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Raw SQL query flagged in vulnerability testing #702
Comments
Could we have comment on this from the dev team? My app also got flagged for this now. |
Bumping this. This is also causing an issue on our application. |
Showing as a medium issue in pen testCan someone look into mitigation? |
hi @Prashoor , which tool are you using? could you share the log or its screenshot? |
@MohitIH Seems to be a long time since you made this post. Do you happen to have any updates on this issue, by chance? I am also experiencing the same in my current project. |
When testing my application for vulnerabilities using MobSF it flagged com\mixpanel\android\mpmetrics\MPDbAdapter.java for using raw SQL queries which can lead to SQL injection attacks. Here's the report :
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
Severity : High
CVSS V2: 5.9 (medium)
CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
OWASP Top 10: M7: Client Code Quality
The text was updated successfully, but these errors were encountered: