EmanuelKakuja
New Member

SQL injection in Q&A Visual

Hi everyone,
While doing testing on one of our reports, we uncovered that we can actually perform SQL injection via the Q&A visual.
You can even test this by writing
'or 1=1--
in the Q&A visual of the Power BI sample report offered by Microsoft called "Sales and Returns sample v201912".

Is there a way to stop SQL injections from taking place via the Q&A visual?


1 ACCEPTED SOLUTION


Hi @amitchandak, thank you for the advice; I created the following issue; fingers crossed 😄

SQL injection in Q&A Visual - Microsoft Power BI Community 

 


2 REPLIES 2
amitchandak
Super User

@EmanuelKakuja, please report an issue - https://community.powerbi.com/t5/Issues/idb-p/Issues


