Dangling Database Cursor ('Cursor Injection')

If a database cursor is not closed properly, then it could become accessible to other users while retaining the same privileges that were originally assigned, leaving the cursor "dangling."

  • Source

    CWE Catalog - 4.14

  • Identifier

    CWE-619

  • Status

    Incomplete

Contents

Description

For example, an improper dangling cursor could arise from unhandled exceptions. The impact of the issue depends on the cursor's role, but SQL injection attacks are commonly possible.

Background

A cursor is a feature in Oracle PL/SQL and other languages that provides a handle for executing and accessing the results of SQL queries.

See Also

Comprehensive Categorization: Exposed Resource

Weaknesses in this category are related to exposed resource.

SFP Secondary Cluster: Tainted Input to Command

This category identifies Software Fault Patterns (SFPs) within the Tainted Input to Command cluster (SFP24).

Resource Management Errors

Weaknesses in this category are related to improper management of system resources.

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

Weaknesses Introduced During Implementation

This view (slice) lists weaknesses that can be introduced during implementation.

Weakness Base Elements

This view (slice) displays only weakness base elements.

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.