https://goforthom.as/tags/security/Recent content in Security on Thomas WalkerHugo -- gohugo.ioenhello@goforthom.as (Thomas Walker)hello@goforthom.as (Thomas Walker)© 2026 Thomas WalkerWed, 10 Jun 2026 20:22:08 +0000https://goforthom.as/posts/addencodedquery-condition-injection/Wed, 10 Jun 2026 20:22:08 +0000hello@goforthom.as (Thomas Walker)https://goforthom.as/posts/addencodedquery-condition-injection/How user input concatenated into addEncodedQuery() can silently bypass your filters — one ^NQ rewrites the whole query — proven with a live 72-versus-0 row count.