Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description#
User input from the ’event’ object is being used directly in SQL queries without proper sanitization. This allows attackers to inject malicious SQL code if the input is not handled safely. Always use parameterized queries to prevent SQL injection.
Impact#
If exploited, an attacker could manipulate the database by reading, modifying, or deleting data, or even executing administrative operations. This can lead to data breaches, loss of data integrity, and compromise of sensitive information within your application.