Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Airflow
- Attr
- Aws-lambda
- Bokeh
- Boto3
- Cassandra
- Click
- Correctness
- Couchbase
- Cryptography
- Distributed
- Django
- Docker
- Elasticsearch
- Fastapi
- Flask
- Ai
- Best practice
- Caching
- Code
- Correctness
- Db
- Generic-sql-flask
- Peewee-flask
- Pymongo-flask
- Sqlalchemy-connection-flask
- Sqlalchemy-flask-relationship
- Sqlalchemy-flask
- Debug
- Deserialization
- File
- Flask-hardcoded-database-password-uri
- Log
- Maintainability
- Net
- Os
- Regex
- Security
- Security
- Web
- Xml
- Jinja2
- Jwt
- Lang
- Ldap3
- Mariadb
- Mysql
- Mysqlclient
- Neo4j
- Openai
- Peewee
- Pg8000
- Psycopg2
- Pycryptodome
- Pyjwt
- Pymongo
- Pymssql
- Pymysql
- Pyramid
- Redis
- Requests
- Sh
- Sqlalchemy
- Tormysql
- Urllib3
- Webrepl
- Wtforms
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Sqlalchemy-flask
Sqlalchemy flask
Untrusted input might be used to build a database query, which can lead to a SQL injection vulnerability. An attacker can execute malicious SQL statements and gain unauthorized access to sensitive data, modify, delete data, or execute arbitrary system commands. Use the SQLAlchemy ORM provided functions to build SQL queries instead to avoid SQL injection.
Likelihood: HIGH
Confidence: HIGH
CWE:
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection