sql-injection
Safeguard articles tagged "sql-injection" — guides, analysis, and best practices for software supply chain and application security.
46 articles
PHP security best practices guide
A practical PHP security best practices guide covering SQL injection, deserialization RCE, upload hardening, dependency risk, and real exploited CVEs like CVE-2024-4577.
Securing Django applications from common vulnerabilities
Django's secure-by-default reputation hides real gaps: SQL injection via Trunc()/Extract(), ReDoS in Truncator, and misconfigured DEBUG settings still cause incidents.
SAP May 2026: Two CVSS 9.6 Bugs Put S/4HANA SQL and Commerce Cloud RCE in the Crosshairs
SAP's May 2026 Patch Day fixed two critical CVSS 9.6 flaws: CVE-2026-34260, an authenticated SQL injection in S/4HANA Enterprise Search, and CVE-2026-34263, an unauthenticated configuration-upload-to-RCE in SAP Commerce Cloud. Both carry cross-scope impact.
What is SQL Injection (SQLi)
SQL injection (CWE-89) lets attackers rewrite database queries via untrusted input — here's how SQLi works, its types, severity, and how to prevent it.
How Does SQL Injection Work
A technical walkthrough of how SQL injection works, the main attack variants, real breaches it caused, and how to detect and prevent it.
What is Input Sanitization
Input sanitization stops attacker-controlled data from executing as code. Learn how it works, how it differs from validation, and where it fails.
What Are Parameterized Queries
Parameterized queries stop SQL injection by binding user input as data instead of parsing it as SQL — here's how they work, and where they still fail.
Rails Active Record SQL injection via raw queries and str...
A concrete look at how raw SQL and string interpolation reopen rails active record sql injection risk, from CVE-2012-2695 to modern where-clause and order-by exploits.
MOVEit Transfer SQL injection mass-exploitation (CVE-2023-34362)
CVE-2023-34362, the MOVEit Transfer SQL injection exploited by Cl0p, hit 2,600+ organizations. Impact, timeline, and remediation steps inside.
Django QuerySet.explain SQL injection (CVE-2022-28346)
A Django ORM flaw let unvalidated input reach EXPLAIN and annotate() SQL generation. Here's the CVE-2022-28347 impact, fix, and defense playbook.
Django GIS SQL injection (CVE-2020-9402)
CVE-2020-9402 lets attackers inject SQL via Django GIS's tolerance parameter on Oracle. Versions, CVSS/EPSS data, timeline, and fixes inside.
SQL injection: a complete developer's guide
A developer's guide to SQL injection: how it works, why CWE-89 still ranks in MITRE's Top 25, real breaches, and how to detect and fix it.