CVE-2024-2758: Cpp Sqli Concat

Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | C++ | β
greprules fetch cve-2024-2758-cpp-sqli-concat --engine opengrep

Description

Constructing SQL queries by manually concatenating strings leaves the application vulnerable to SQL injection if user-provided data is included. Instead of using `+` to concatenate variables into a SQL string, use secure query parameterization or sanitize user input to prevent arbitrary SQL execution.
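
The concatenation pattern described above next to its parameterized form, as an added example that is not part of the rule or of any project it was derived from. The `users` table, the function names and the simplified token counter (an illustration, not a SQL parser) are assumptions made for this sketch.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Flagged pattern: user input joined into the SQL text with '+'.
std::string query_concat(const std::string& name) {
    return "SELECT id FROM users WHERE name = '" + name + "'";
}

// Parameterized form: constant SQL text, value carried separately for the
// driver's bind call (for example sqlite3_bind_text in SQLite).
struct BoundQuery { std::string sql; std::vector<std::string> params; };
BoundQuery query_bound(const std::string& name) {
    return {"SELECT id FROM users WHERE name = ?", {name}};
}

// Count SQL tokens; a single-quoted literal ('' is an escaped quote) is one token.
std::size_t token_count(const std::string& sql) {
    std::size_t n = 0, i = 0;
    while (i < sql.size()) {
        const char c = sql[i];
        if (c == ' ') { ++i; continue; }
        ++n;
        if (c == '\'') {
            for (++i; i < sql.size(); ++i) {
                if (sql[i] != '\'') continue;
                if (i + 1 < sql.size() && sql[i + 1] == '\'') { ++i; continue; }
                ++i; break;
            }
        } else if (c == '=' || c == '?') {
            ++i;
        } else {
            while (i < sql.size() && sql[i] != ' ' && sql[i] != '\'' && sql[i] != '=') ++i;
        }
    }
    return n;
}

// True when the input changed the statement's shape instead of staying data.
bool changes_structure(const std::string& name) {
    return token_count(query_concat(name)) != token_count(query_concat("x"));
}

int main() {
    const std::string hostile = "x' OR '1'='1";  // constructed sample input
    std::cout << query_concat(hostile) << '\n' << query_bound(hostile).sql << '\n';
}
```

With the concatenated form the constructed input adds tokens to the statement, while the bound form keeps the SQL text identical for every input and passes the value only as a parameter.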