rspec/rules/S3649/rationale.adoc

Database injections (such as SQL injections) occur in an application when the
application retrieves data from a user or a third-party service and inserts it
into a database query without sanitizing it first.

If an application contains a database query that is vulnerable to injections,
it is exposed to attacks that target any database where that query is used.

A user with malicious intent carefully performs actions whose goal is to modify
the existing query to change its logic to a malicious one.

After creating the malicious request, the attacker can attack the databases
affected by this vulnerability without relying on any pre-requisites.
Modify Rule S3649: Education Framework (APPSEC-46 & APPSEC-47) (#1109) 2022-07-27 14:46:13 +02:00			`Database injections (such as SQL injections) occur in an application when the`
			`application retrieves data from a user or a third-party service and inserts it`
			`into a database query without sanitizing it first.`

			`If an application contains a database query that is vulnerable to injections,`
			`it is exposed to attacks that target any database where that query is used.`

			`A user with malicious intent carefully performs actions whose goal is to modify`
			`the existing query to change its logic to a malicious one.`

			`After creating the malicious request, the attacker can attack the databases`
			`affected by this vulnerability without relying on any pre-requisites.`