Second Order SQL Injection
Second order SQL injection happens when an application stores user-controlled input and later uses it unsafely in a separate database operation. Because the payload may not execute immediately, this vulnerability can be harder to identify during standard testing. It is especially risky in enterprise applications where stored profile data, logs, forms, or configuration values are reused across internal workflows.
Malicious Input Stored → Data Reused Later → Query Executes Unsafely → Risk Triggered → Stored Input Sanitized
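The flow above, as an added example that is not part of the original page: a value is stored with a bound parameter, then read back and reused in a second query, once by string concatenation and once with a bound parameter. The table names, column names, function names and the sample username are assumptions constructed for illustration.

```python
import sqlite3

# Constructed sample value: harmless when stored, it changes the query when concatenated later.
STORED_NAME = "x' OR '1'='1"

def setup():
    """Build an in-memory database with two users and one note each (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT);
        CREATE TABLE notes(owner TEXT, body TEXT);
    """)
    # Step 1: the input is stored through bound parameters, so the INSERT itself is safe
    # and nothing unusual happens at this point.
    db.execute("INSERT INTO users(username) VALUES (?)", (STORED_NAME,))  # id 1
    db.execute("INSERT INTO users(username) VALUES (?)", ("alice",))      # id 2
    db.executemany("INSERT INTO notes(owner, body) VALUES (?, ?)",
                   [("alice", "alice private note"), (STORED_NAME, "own note")])
    return db

def stored_username(db, user_id):
    """Read the previously stored value back from the database."""
    row = db.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    return row[0]

def notes_unsafe(db, user_id):
    """Step 2, vulnerable: the stored value is trusted because it came from the database."""
    name = stored_username(db, user_id)
    query = "SELECT body FROM notes WHERE owner = '" + name + "'"
    return db.execute(query).fetchall()

def notes_safe(db, user_id):
    """Step 2, hardened: the stored value is bound as data at the point of reuse."""
    name = stored_username(db, user_id)
    return db.execute("SELECT body FROM notes WHERE owner = ?", (name,)).fetchall()

if __name__ == "__main__":
    db = setup()
    print("unsafe reuse:", notes_unsafe(db, 1))  # rows for every owner
    print("safe reuse:  ", notes_safe(db, 1))    # only this user's own row
```

The storing step is identical in both cases; only the later query differs, which is why testing the input form alone does not reveal the problem.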
