SQL & PL/SQL

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Parameter tampering

raghunadhanJun 3 2025

What is parameter tampering.while package is scanned using checkmarx tool for security reaones.it showing Parameter tampering vulenrability in below cursor at b_table_name in an pkg.

CURSOR c_check_col_exist(b_table_name TABLE_DETAILS.Table_Name%TYPE) IS
SELECT DISTINCT(UPPER(column_name)) AS column_name
FROM all_tab_cols
WHERE UPPER(table_name)= b_table_name;

Added on Jun 3 2025

#plsql

8 comments

598 views