Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Next up in the FabCon + SQLCon recap series: The roadmap for Microsoft SQL and Maximizing Developer experiences in Fabric. All sessions are available on-demand after the live show. Register now

Reply
EmanuelKakuja
New Member

SQL injection in Q&A Visual

‎10-25-2021 11:28 AM

Hi everyone, 
While doing testing on one of our reports we uncovered that we can actually perform SQL injection via the Q&A visual .
You can even test this by writting 
'or 1=1--
in the Q&A visual of the Power BI sample report offered by Microsoft called "Sales and Returns sample v201912"

Is there a way to stop SQL injections from taking place via the Q&A visual ? 


Labels:
Message 1 of 3
1,842 Views
1 ACCEPTED SOLUTION
EmanuelKakuja
New Member
In response to amitchandak

‎11-01-2021 01:50 AM

Hi @amitchandak thank you for the advice ; i created the following issue ; fingers crossed 😄 

SQL injection in Q&A Visual - Microsoft Power BI Community 

 

View solution in original post

Message 3 of 3
1,697 Views
2 REPLIES 2
amitchandak
Super User
Super User

‎10-25-2021 09:12 PM

@EmanuelKakuja , Please report an issue - https://community.powerbi.com/t5/Issues/idb-p/Issues

Share with Power BI Enthusiasts: Full Power BI Video (20 Hours) YouTube
Microsoft Fabric Series 60+ Videos YouTube
Microsoft Fabric Hindi End to End YouTube
Message 2 of 3
1,733 Views
EmanuelKakuja
New Member
In response to amitchandak

‎11-01-2021 01:50 AM

Hi @amitchandak thank you for the advice ; i created the following issue ; fingers crossed 😄 

SQL injection in Q&A Visual - Microsoft Power BI Community 

 

Message 3 of 3
1,698 Views

Helpful resources

Announcements
New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

March Power BI Update Carousel

Power BI Community Update - March 2026

Check out the March 2026 Power BI update to learn about new features.

View All