Method Rating_update_Click at line 579 of /BookDetail.cs gets user input from element Value. This input is later concatenated by the application directly into a string variable containing SQL commands, without being validated. This string is then used in method Rating_update_Click to query the database via ExecuteNonQuery, at line 584 of /BookDetail.cs, without any additional filtering by the database. This could allow the user to tamper with the filter parameter.
Checkmarx (SAST): Parameter_Tampering
Security Issue: Read More about Parameter_Tampering
Applications: ilidioc_App, Microsserviços Produtivos, test_App
Checkmarx Project: apcxtestorg/testrepo
Repository URL: https://github.com/apcxtestorg/testrepo
Branch: main
Scan ID: a078e21a-b6dc-4705-a0cf-3262f0044fe1
Result #1:
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
Attack Vector:
1. Value: /BookDetail.cs[579,141]
2. sSQL: /BookDetail.cs[579,1]
3. sSQL: /BookDetail.cs[582,39]
4. OleDbCommand: /BookDetail.cs[582,22]
5. cmd: /BookDetail.cs[582,16]
6. cmd: /BookDetail.cs[584,5]
7. ExecuteNonQuery: /BookDetail.cs[584,9]
Review result in Checkmarx One: Parameter_Tampering
Result #2:
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
Attack Vector:
1. Value: /BookDetail.cs[579,69]
2. sSQL: /BookDetail.cs[579,1]
3. sSQL: /BookDetail.cs[582,39]
4. OleDbCommand: /BookDetail.cs[582,22]
5. cmd: /BookDetail.cs[582,16]
6. cmd: /BookDetail.cs[584,5]
7. ExecuteNonQuery: /BookDetail.cs[584,9]
Review result in Checkmarx One: Parameter_Tampering