Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
Description
User input taken from the event object is included directly in SQL query text without proper sanitization or parameterization. An attacker who controls that input can change the structure of the query rather than just its data, which is the root cause of SQL injection.
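The pattern this rule flags, shown as an added example that is not part of the original page: a handler that splices an event field into the SQL string, beside the hardened form that keeps the query text fixed and binds the value as a parameter. The Lambda-style `queryStringParameters` event shape, the SQLite in-memory database and the sample usernames are assumptions made for the example.

```python
import sqlite3


def make_db():
    """Constructed sample table standing in for the application's real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("o'brien", "user")],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn, event):
    """Vulnerable pattern (CWE-89): the event field becomes part of the SQL text."""
    username = event["queryStringParameters"]["username"]
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, event):
    """Hardened pattern: fixed SQL text, value passed to the driver as a bound parameter."""
    username = event["queryStringParameters"]["username"]
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def compare(username):
    """Run both lookups on the same input; returns (safe_rows, unsafe_rows_or_error).

    A legitimate value containing a quote is enough to show the difference: the
    parameterized query treats it as data, while the spliced query's structure
    changes, here surfacing as a syntax error from the database engine."""
    conn = make_db()
    event = {"queryStringParameters": {"username": username}}  # assumed event shape
    safe_rows = lookup_safe(conn, event)
    try:
        unsafe = lookup_unsafe(conn, event)
    except sqlite3.Error as exc:
        unsafe = f"error: {type(exc).__name__}"
    return safe_rows, unsafe
```

Other DB-API drivers (psycopg2, pymysql, etc.) use the same two-argument `execute(sql, params)` shape, so the hardened form carries over with only the placeholder token changed.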
Impact
If exploited, attackers could read, modify, or delete data in your database, bypass authentication, or gain unauthorized access to sensitive information. This can result in data breaches, data loss, or full compromise of your application and its users.