Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
| Property | |
|---|---|
| Language | java |
| Severity |  |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
User-supplied input from public methods is being used directly in SQL statements without proper sanitization. This allows attackers to manipulate database queries by injecting malicious SQL code.
Impact#
If exploited, an attacker could access, modify, or delete sensitive data in the database, bypass authentication, or compromise the entire application. This can lead to data breaches, loss of data integrity, and severe damage to the organization’s reputation.