Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description#
User input from the ’event’ object is being used directly in SQL queries without proper sanitization. This allows attackers to inject malicious SQL code by manipulating input data, making the query unsafe.
Impact#
If exploited, an attacker could read, modify, or delete database records, gain unauthorized access to sensitive information, or potentially compromise the entire database. This can lead to data breaches, loss of data integrity, and severe reputational or financial damage.