CWE-1073Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses

PUBLISHEDweakness record
released 2019-01-03 · last modified 2025-12-11

Metadata

CWE ID:
CWE-1073
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2019-01-03
更新日期:
2025-12-11

名称

Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses

描述

The product contains a client with a function or method that contains a large number of data accesses/queries that are sent through a data manager, i.e., does not use efficient database capabilities.

While the interpretation of "large number of data accesses/queries" may vary for each product or developer, CISQ recommends a default maximum of 2 data accesses per function/method.

常见后果

范围:
Other
影响:
Reduce Performance
注释:
This issue can make the product perform more slowly. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.

相关 CWE