Second Order Injection

Second Order Injection allows attackers to influence subsequent queries that are built from the result of a primary query.

It usually occurs when an application processes user input or other external data with faulty security checks. When queries generated dynamically from the result of the primary query are not built securely, attackers can exploit these weaknesses to perform second-order injection attacks.

In a nutshell, injection and response occur in separate parts/functionalities of the same application.
