5.3.4 Data selection or database queries are protected against database injection attacks

Verify that data selection or database queries (e.g. SQL, HQL, ORM, NoSQL) use parameterized queries, ORMs, entity frameworks, or are otherwise protected from database injection attacks. (C3)

Level 1 X
Level 2 X
Level 3 X
CWE NIST
89