Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description
User input received in Laravel route handlers is concatenated into raw SQL queries without proper sanitization. An attacker can alter the structure of the SQL statement by supplying crafted input, so the code is vulnerable to SQL injection.
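The pattern this rule flags, shown as an added example (not code from the original rule page or from any scanned project): a route handler that interpolates a request value into a raw `DB::select` statement, beside two parameterized rewrites and an allow-list check for the one case bindings cannot cover. The `users` table, its `email`, `name` and `created_at` columns, and the route paths are assumed for illustration.

```php
<?php
// Added example, not from the original rule page. Assumes a `users` table with
// `id`, `name`, `email` and `created_at` columns and the standard Laravel facades.

use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Route;

// VULNERABLE: the request value is spliced into the SQL text, so any quote or
// operator it contains is parsed as SQL rather than treated as data.
Route::get('/users/by-email-unsafe', function (Request $request) {
    $email = $request->input('email');
    return DB::select("SELECT id, name FROM users WHERE email = '$email'");
});

// FIXED (1): the same raw statement with a positional binding. The driver sends
// the value separately from the statement, so it can only be compared as data.
Route::get('/users/by-email', function (Request $request) {
    $email = $request->input('email');
    return DB::select('SELECT id, name FROM users WHERE email = ?', [$email]);
});

// FIXED (2): the query builder, which binds every value passed to where().
Route::get('/users/by-email-builder', function (Request $request) {
    return DB::table('users')
        ->select('id', 'name')
        ->where('email', $request->input('email'))
        ->get();
});

// Bindings cannot parameterize identifiers such as column names. When the
// client chooses a sort column, validate it against a fixed allow-list instead
// of concatenating it into the query.
Route::get('/users', function (Request $request) {
    $allowedColumns = ['name', 'created_at'];
    $column = $request->input('sort', 'name');
    if (!in_array($column, $allowedColumns, true)) {
        abort(422, 'Unsupported sort column');
    }
    return DB::table('users')->orderBy($column)->limit(50)->get();
});
```

When reviewing findings for this rule, the thing to look for is any request-derived value appearing inside a string that is handed to `DB::select`, `DB::statement`, `whereRaw`, `orderByRaw` or similar; the fix is to move the value into the bindings array, or to switch to the query builder, and to allow-list anything that names a table or column rather than a value.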
Impact
If exploited, an attacker could access, modify, or delete database data, bypass authentication, or escalate privileges. This could lead to data breaches, loss of sensitive information, and potentially full compromise of the application and its data.