CWE-1073β€”Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses

PUBLISHEDweakness record
released 2019-01-03 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-1073
Abstraction:
Base
Structure:
Simple
Status:
Incomplete
Release Date:
2019-01-03
Latest Modification Date:
2025-12-11

Weakness Name

Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses

Description

The product contains a client with a function or method that contains a large number of data accesses/queries that are sent through a data manager, i.e., does not use efficient database capabilities.

While the interpretation of "large number of data accesses/queries" may vary for each product or developer, CISQ recommends a default maximum of 2 data accesses per function/method.

Common Consequences

Scope:
Other
Impact:
Reduce Performance
Notes:
This issue can make the product perform more slowly. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.

Related Weaknesses