SiteShadow
Back to vulnerability library
Detected bySecure-coding-practice checks (SCP)Pro

SCP11 Database Security

What this means

SiteShadow flagged database access patterns that are risky: query construction from untrusted input, overly broad DB permissions, missing parameterization, or unsafe ORM usage.

Why it matters

Unsafe database access can expose or corrupt sensitive data.

Safer examples

1) Parameterize queries (never concatenate)

cursor.execute("SELECT * FROM users WHERE email = %s", (email,))

2) Allowlist sort/filter fields

If users choose sort fields, map choices to known column names rather than trusting raw input.

3) Use least-privilege DB accounts

Split "read-only" vs "write" roles; restrict schema access; avoid admin DB users in apps.

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.