The described scenario indicates an Injection (A) attack, where the attacker exploits insufficient input
validation in a web application to manipulate queries. This type of attack falls under the category of
Broken Access Control because:
Improper Input Handling: The application fails to properly sanitize or validate user inputs, allowing
malicious commands to execute.
Direct Database Manipulation: Attackers can bypass normal authentication or gain elevated access by
injecting code.
OWASP Top Ten 2021: Lists Broken Access Control as a critical risk, often leading to data breaches
when input validation is weak.
Other options analysis:
B. Infection: Typically involves malware, which is not relevant here.
C. Buffer overflow: Involves memory management errors, not query manipulation.
D. XPath: Involves XML query manipulation, not databases.
CCOA Official Review Manual, 1st Edition Reference:
Chapter 4: Web Application Security: Discusses Injection as a common form of broken access
control.
Chapter 9: Secure Coding and Development: Stresses the importance of input validation to prevent injection.