# Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
## Description
User-controlled data from AWS Lambda event objects is being included directly in SQL statements without proper sanitization or parameterization. This allows attackers to inject malicious SQL code by manipulating input values.
## Impact
If exploited, an attacker could manipulate the database by executing unauthorized queries, such as reading, modifying, or deleting data. This can lead to data breaches, data loss, or compromise of the entire application backend.
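The pattern this rule flags next to its parameterized replacement, as an added example that is not part of the rule page. It assumes an API Gateway proxy event delivered to the handler as a `Map` (with a `queryStringParameters` entry), a JDBC `Connection` to a database holding a `users(username, email)` table, and the hypothetical class and method names used below; the Lambda core dependency is left out so only `java.sql` is needed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Map;

// Hypothetical handler body. The event Map is what the Lambda runtime passes to a
// RequestHandler<Map<String, Object>, ...>, so no AWS SDK classes are required here.
public class UserLookup {

    // Pulls the user-controlled "username" query parameter out of the proxy event.
    // queryStringParameters is null when the request carried no query string.
    @SuppressWarnings("unchecked")
    static String usernameFrom(Map<String, Object> event) {
        Map<String, String> params = (Map<String, String>) event.get("queryStringParameters");
        return params == null ? null : params.get("username");
    }

    // VULNERABLE (what CWE-89 describes): the event value is spliced into the SQL text.
    // A single quote inside the value ends the string literal, and whatever follows is
    // parsed by the database as part of the statement rather than as data.
    static String lookupUnsafe(Connection conn, Map<String, Object> event) throws SQLException {
        String sql = "SELECT email FROM users WHERE username = '" + usernameFrom(event) + "'";
        try (Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return rs.next() ? rs.getString("email") : null;
        }
    }

    // FIXED: the SQL text is a constant and the event value is bound as a parameter.
    // The driver transmits it as data, so it cannot change the statement's structure,
    // whatever characters it contains.
    static String lookupSafe(Connection conn, Map<String, Object> event) throws SQLException {
        String username = usernameFrom(event);
        if (username == null) {
            return null; // nothing to look up; avoids binding a null into the query
        }
        String sql = "SELECT email FROM users WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("email") : null;
            }
        }
    }
}
```

Binding only works for values; if event data must select a table or column name or an ORDER BY direction, map it through a fixed allow-list in code instead of inserting it into the SQL text.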