Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description
User input from the HTTP request is passed directly to the `ignore()` method of Laravel's `Rule::unique` validation rule. The rule object is rendered to a comma-delimited rule string (`unique:table,column,ignoreValue,idColumn,...`) that the validator splits on commas, so a request-controlled ignore value can introduce extra parameters and alter or break the underlying SQL query. Laravel's own documentation warns against passing request input to `ignore()`: only a system-generated identifier, such as an auto-incrementing ID or UUID read from an Eloquent model instance, should be used.
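The flagged pattern and its fix, as an added example that is not part of the original rule page. It assumes a standard Laravel application with a `users` table that has `id` and `email` columns; the controller function names are illustrative.

```php
<?php
// Added example, not from the original rule page. Assumes a stock Laravel
// application with a `users` table (columns `id`, `email`) and route
// model binding for {user}. Function names are hypothetical.

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Validation\Rule;

// FLAGGED: the value handed to ignore() comes straight from the request body.
// Rule::unique renders to the rule string
//     unique:users,email,<ignoreValue>,id
// and the validator parses that string on commas, so a request-controlled
// value can append parameters (extra column/value conditions) to the rule
// and change the query the uniqueness check runs.
function updateEmailUnsafe(Request $request)
{
    $request->validate([
        'email' => [
            'required',
            'email',
            Rule::unique('users')->ignore($request->input('id')),
        ],
    ]);

    // ... persist the new email
}

// FIXED (authenticated user): the ignored key is read from the Eloquent model
// of the logged-in user, i.e. a value the application generated, not the client.
function updateOwnEmail(Request $request)
{
    $request->validate([
        'email' => [
            'required',
            'email',
            Rule::unique('users')->ignore($request->user()->id),
        ],
    ]);

    // ... persist the new email
}

// FIXED (admin editing another account): the target row is resolved first via
// route model binding (or User::findOrFail), and only the model's own primary
// key is passed to ignore(). The raw route/request value never reaches the rule.
function updateUserEmail(Request $request, User $user)
{
    $request->validate([
        'email' => [
            'required',
            'email',
            Rule::unique('users')->ignore($user),   // model instance; key is taken from it
        ],
    ]);

    // ... authorize, then persist the new email
}
```

Casting the request value to an integer would stop the comma-based parameter injection but is not a sufficient fix on its own: the caller would still choose which row the uniqueness check skips, which lets them pass validation for an email that already belongs to another account. Resolving the model first and passing its own key closes both problems.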
Impact
If exploited, an attacker could perform SQL injection against the uniqueness-check query, potentially exposing, modifying, or deleting database records. This could lead to data breaches, loss of data integrity, or unauthorized access to sensitive information. Even where the injected input does not produce a usable SQL injection, letting the client choose the ignored row allows the uniqueness validation to be bypassed for a value that already belongs to another record.