Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends September 15. Request your voucher.

Reply
EmanuelKakuja
New Member

SQL injection in Q&A Visual

‎10-25-2021 11:28 AM

Hi everyone, 
While doing testing on one of our reports we uncovered that we can actually perform SQL injection via the Q&A visual .
You can even test this by writting 
'or 1=1--
in the Q&A visual of the Power BI sample report offered by Microsoft called "Sales and Returns sample v201912"

Is there a way to stop SQL injections from taking place via the Q&A visual ? 


Labels:
Message 1 of 3
1,524 Views
1 ACCEPTED SOLUTION
EmanuelKakuja
New Member
In response to amitchandak

‎11-01-2021 01:50 AM

Hi @amitchandak thank you for the advice ; i created the following issue ; fingers crossed 😄 

SQL injection in Q&A Visual - Microsoft Power BI Community 

 

View solution in original post

Message 3 of 3
1,379 Views
2 REPLIES 2
amitchandak
Super User
Super User

‎10-25-2021 09:12 PM

@EmanuelKakuja , Please report an issue - https://community.powerbi.com/t5/Issues/idb-p/Issues

Share with Power BI Enthusiasts: Full Power BI Video (20 Hours) YouTube
Microsoft Fabric Series 60+ Videos YouTube
Microsoft Fabric Hindi End to End YouTube
Message 2 of 3
1,415 Views
EmanuelKakuja
New Member
In response to amitchandak

‎11-01-2021 01:50 AM

Hi @amitchandak thank you for the advice ; i created the following issue ; fingers crossed 😄 

SQL injection in Q&A Visual - Microsoft Power BI Community 

 

Message 3 of 3
1,380 Views

Helpful resources

Announcements
August Power BI Update Carousel

Power BI Monthly Update - August 2025

Check out the August 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All