CWE-619Dangling Database Cursor ('Cursor Injection')

PUBLISHEDweakness record
released 2007-05-07 · last modified 2025-04-03

Metadata

CWE ID:
CWE-619
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2007-05-07
更新日期:
2025-04-03

名称

Dangling Database Cursor ('Cursor Injection')

描述

If a database cursor is not closed properly, then it could become accessible to other users while retaining the same privileges that were originally assigned, leaving the cursor "dangling."

For example, an improper dangling cursor could arise from unhandled exceptions. The impact of the issue depends on the cursor's role, but SQL injection attacks are commonly possible.

常见后果

范围:
Confidentiality, Integrity
影响:
Read Application Data, Modify Application Data

相关 CWE