CISA Seeks to Curtail Unforgivable SQL Injection Defects

Published: 23/11/2024   Category: security




In a joint alert with the FBI, CISA seeks to tamp down the pervasiveness of a well-known class of bugs.



SQL injection vulnerabilities continue to plague supply chains, prompting a joint alert from the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on developing safer software products.
CISA and the FBI said this week that the new Secure by Design guidance is in direct response to the recent broad exploitation of an SQLi defect in the MoveIT file transfer application.
SQL injection vulnerabilities allow threat actors to inject their own data into SQL commands, allowing them to perform arbitrary queries to access sensitive information inside the database.
Despite widespread knowledge and documentation of SQLi vulnerabilities over the past two decades, along with the availability of effective mitigations, software manufacturers continue to develop products with this defect, which puts many customers at risk, the joint Secure by Design Alert said. SQLi has been described by others as an "unforgivable" vulnerability since at least 2007. Despite this, SQL injection vulnerabilities (CWE-89) remain a prevalent class of defect.
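The mechanism the alert describes, and the standard mitigation for it, in one runnable example. This is an added illustration, not code from the alert or from the MoveIT product: the table, the sample rows and the tainted input are constructed here. It places a lookup that concatenates user input into the SQL text (the CWE-89 pattern) beside the same lookup written as a parameterized query, so the reader can see that the bound parameter is treated purely as data and cannot alter the statement's structure.

```python
import sqlite3

# Constructed in-memory database with a few sample rows (not real data).
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn, username):
    # CWE-89 pattern: untrusted input is spliced into the SQL text, so the
    # database engine cannot distinguish the developer's query from the
    # caller's data. A single quote in the input ends the string literal
    # and whatever follows is parsed as SQL.
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    # Parameterized query: the statement structure is fixed at authoring
    # time and the value is bound separately by the driver, so the input
    # is always compared as a string and never reparsed as SQL.
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo():
    """Run both lookups against a constructed input containing a quote.

    Returns (rows from unsafe lookup, rows from safe lookup)."""
    conn = build_db()
    # Constructed tainted value: the embedded quote turns the WHERE clause
    # into a tautology in the concatenated version.
    tainted = "nobody' OR '1'='1"
    return len(lookup_unsafe(conn, tainted)), len(lookup_safe(conn, tainted))


if __name__ == "__main__":
    unsafe_count, safe_count = demo()
    print(f"concatenated query returned {unsafe_count} rows")
    print(f"parameterized query returned {safe_count} rows")
```

In the concatenated version the tainted value matches every row because the quote closes the literal early; the parameterized version returns nothing because no user is literally named `nobody' OR '1'='1`. The lesson is structural: escaping or filtering input is fragile, while a fixed statement with bound parameters removes the defect class the alert is aimed at.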
