CWE-619
Dangling Database Cursor ('Cursor Injection')
Description
If a database cursor is not closed properly, then it could become accessible to other users while retaining the same privileges that were originally assigned, leaving the cursor "dangling."
For example, an improper dangling cursor could arise from unhandled exceptions. The impact of the issue depends on the cursor's role, but SQL injection attacks are commonly possible.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Read Application Data, Modify Application Data
Potential Mitigations
Close cursors immediately after access to them is complete. Ensure that you close cursors if exceptions occur.
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now