Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
| Property | |
|---|---|
| Language | java |
| Severity |  |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description#
Building SQL queries by concatenating strings or using formatted strings with user input can allow malicious data to alter the intended SQL command. This practice makes your code vulnerable to SQL injection attacks.
Impact#
An attacker could manipulate the SQL query to access, modify, or delete database data, bypass authentication, or execute unauthorized operations. This can lead to data breaches, loss of sensitive information, and compromise of the entire application.