{"detect":{"cwe":"CWE-89","exploit_examples":["/union/?category=widgets'+UNION+SELECT+name,value,0+FROM+secrets--+"],"owasp":"A03:2021 \u2014 Injection (SQLi)","scanner_should_fire":true,"sinks":["f-string concatenation in SELECT WHERE"],"subtype":"in-band-union-based","success_markers":["VULNLAB{sqli-union-based-extraction}"],"tags":["union-select","in-band","3-column"]},"lab_url":"/union/","sink":"string-concatenated SELECT","slug":"union","source_url":"/source/union","summary":"Product category filter concatenated into SQL; result rows are rendered.","title":"In-band UNION-based SQLi","vulnerable":true}