CWE-619

Dangling Database Cursor ('Cursor Injection')

BaseIncompleteSimple

If a database cursor is not closed properly, then it could become accessible to other users while retaining the same privileges that were originally assigned, leaving the cursor "dangling."

Extended description

For example, an improper dangling cursor could arise from unhandled exceptions. The impact of the issue depends on the cursor's role, but SQL injection attacks are commonly possible.

Common consequences1

ConfidentialityIntegrityRead Application DataModify Application Data

Potential mitigations1

Implementation
Close cursors immediately after access to them is complete. Ensure that you close cursors if exceptions occur.

Relationships1

ChildOfCWE-402

CVEs referencing this CWE

No CVEs reference this CWE yet

CWE assignments come from NVD/CNA assigners and OSS advisories. Some CWEs (Pillars, Composites) are abstract and rarely cited directly.