Safeguard
Tag

sql-injection

Safeguard articles tagged "sql-injection" — guides, analysis, and best practices for software supply chain and application security.

46 articles

Application Security

PHP security best practices guide

A practical PHP security best practices guide covering SQL injection, deserialization RCE, upload hardening, dependency risk, and real exploited CVEs like CVE-2024-4577.

May 27, 20268 min read
Application Security

Securing Django applications from common vulnerabilities

Django's secure-by-default reputation hides real gaps: SQL injection via Trunc()/Extract(), ReDoS in Truncator, and misconfigured DEBUG settings still cause incidents.

May 25, 20266 min read
Vulnerability Analysis

SAP May 2026: Two CVSS 9.6 Bugs Put S/4HANA SQL and Commerce Cloud RCE in the Crosshairs

SAP's May 2026 Patch Day fixed two critical CVSS 9.6 flaws: CVE-2026-34260, an authenticated SQL injection in S/4HANA Enterprise Search, and CVE-2026-34263, an unauthenticated configuration-upload-to-RCE in SAP Commerce Cloud. Both carry cross-scope impact.

May 14, 202612 min read
Vulnerability Analysis

What is SQL Injection (SQLi)

SQL injection (CWE-89) lets attackers rewrite database queries via untrusted input — here's how SQLi works, its types, severity, and how to prevent it.

Apr 1, 20267 min read
Vulnerability Analysis

How Does SQL Injection Work

A technical walkthrough of how SQL injection works, the main attack variants, real breaches it caused, and how to detect and prevent it.

Mar 31, 20267 min read
Vulnerability Analysis

What is Input Sanitization

Input sanitization stops attacker-controlled data from executing as code. Learn how it works, how it differs from validation, and where it fails.

Jan 28, 20267 min read
Vulnerability Analysis

What Are Parameterized Queries

Parameterized queries stop SQL injection by binding user input as data instead of parsing it as SQL — here's how they work, and where they still fail.

Jan 28, 20266 min read
Industry Analysis

Rails Active Record SQL injection via raw queries and str...

A concrete look at how raw SQL and string interpolation reopen rails active record sql injection risk, from CVE-2012-2695 to modern where-clause and order-by exploits.

Jan 26, 20267 min read
Vulnerability Analysis

MOVEit Transfer SQL injection mass-exploitation (CVE-2023-34362)

CVE-2023-34362, the MOVEit Transfer SQL injection exploited by Cl0p, hit 2,600+ organizations. Impact, timeline, and remediation steps inside.

Jan 13, 20267 min read
Vulnerability Analysis

Django QuerySet.explain SQL injection (CVE-2022-28346)

A Django ORM flaw let unvalidated input reach EXPLAIN and annotate() SQL generation. Here's the CVE-2022-28347 impact, fix, and defense playbook.

Dec 27, 20257 min read
Vulnerability Analysis

Django GIS SQL injection (CVE-2020-9402)

CVE-2020-9402 lets attackers inject SQL via Django GIS's tolerance parameter on Oracle. Versions, CVSS/EPSS data, timeline, and fixes inside.

Dec 27, 20257 min read
Vulnerability Analysis

SQL injection: a complete developer's guide

A developer's guide to SQL injection: how it works, why CWE-89 still ranks in MITRE's Top 25, real breaches, and how to detect and fix it.

Dec 14, 20257 min read
sql-injection (Page 2) — Safeguard Blog