In Cold Fusion, using <cfquery> is it possible to break out of a sql "IN" clause to perform a sql injection attack, with something other than a select statement as the parameter?
Wiki and google lead me to dead ends, and only mentioned the "like" statement.
I.E. Can I insert, update, delete, etc?
Psuedo code EX.<cfquery> Select * from example.table where example.arg in (#someid#) </cfquery>