CVE-2025-69285: Python Execute Format Sqli

Provally Curated | Public repository | Severity: High | Confidence: Medium | Verified | License: Apache-2.0 | Language: Python
greprules fetch cve-2025-69285-python-execute-format-sqli --engine opengrep

Description

Database queries built with Python string formatting (such as `.format()` or `%` substitution) bypass the driver's parameter binding and are open to SQL injection if user input reaches the formatted string. To fix this vulnerability, delegate dynamic data binding to the underlying DB connector driver by passing input variables via the separ
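As an added example (not the rule's own code and not from the repository), here is the pattern the rule flags next to its fix, using the standard-library `sqlite3` driver against a constructed in-memory table; the probe string is a constructed input used only to show that the driver binds the parameterized value as data rather than as SQL.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """The pattern the rule flags: the value is spliced into the SQL text with
    str.format(), so the driver receives it as part of the statement itself."""
    query = "SELECT id, name, role FROM users WHERE name = '{}'".format(name)
    return conn.execute(query).fetchall()


def find_user_fixed(conn: sqlite3.Connection, name: str) -> list:
    """The fix: the SQL text is a constant and the value travels in the separate
    parameters tuple, so the driver binds it as a literal and never parses it."""
    query = "SELECT id, name, role FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Constructed probe: closes the quoted literal and appends a tautology.
    probe = "x' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, probe))  # every row comes back
    print("fixed:     ", find_user_fixed(db, probe))       # no user has that name
    print("fixed, normal lookup:", find_user_fixed(db, "alice"))
```

The same split applies to other DB-API drivers whose placeholder is `%s` (for example psycopg2): the placeholder goes in the SQL string and the value goes in the second argument to `execute()`, never through `%` formatting.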