Connection_String_Injection @ install.java #69
Description
Connection_String_Injection issue exists @ install.java in branch netbeans
The application's setup method receives untrusted, user-controlled data, and uses this data to connect to a database using BinaryExpr, at line 122 of /src/java/controller/install.java. This may enable a Connection String Injection attack.
The attacker can inject the connection string via user input, "dbname", which is retrieved by the application in the processRequest method, at line 59 of /src/java/controller/install.java.
Namespace: TaynaCT
Repository: JavaVulnerableLab
Repository Url: https://github.com/TaynaCT/JavaVulnerableLab
CxAST-Project: TaynaCT/JavaVulnerableLab
CxAST platform scan: ec6e1015-2689-4742-939a-0072f10bf172
Branch: netbeans
Application: JavaVulnerableLab
Severity: HIGH
State: TO_VERIFY
Status: RECURRENT
CWE: 99
Lines: 55 59