Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
Description#
User input from the AWS Lambda event object is being directly used to build SQL queries without proper sanitization. This practice allows attackers to inject malicious SQL code into your database operations.
Impact#
If exploited, attackers could manipulate database queries to access, modify, or delete sensitive data, bypass authentication, or cause data loss. This can lead to data breaches, unauthorized access, and significant harm to your application’s integrity and user trust.