Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description#
The code builds SQL queries by directly concatenating or inserting user input into the query string. This practice makes it easy for attackers to inject malicious SQL code and manipulate the database.
Impact#
If exploited, an attacker could read, modify, or delete sensitive data in your database, potentially leading to data breaches, data loss, or unauthorized access to user accounts. This can severely compromise both the security and integrity of your application and its users.