Incorrect Type Conversion or Cast
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-704: Incorrect Type Conversion or Cast |
| OWASP | A1:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
User input is inserted directly into SQL query strings, which makes the code vulnerable to SQL injection. This happens when a query is built by concatenating or formatting untrusted data into the SQL text instead of passing it through the driver's parameterized (prepared-statement) interface, so the database cannot tell the intended query apart from attacker-supplied SQL. Look for string concatenation, format calls or template interpolation feeding an execute-style call; the fix is to pass values as bind parameters and, for identifiers such as table or column names that cannot be bound, to validate them against an allowlist.
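The following is an added example, not code from the original page or from any scanned project. It builds a small constructed SQLite database (the `users` table and its rows are assumptions), runs the same lookup once with the untrusted value formatted into the SQL text and once with a bind parameter, and shows how the classic `' OR '1'='1` payload widens the first query to every row while the second treats it as a literal username.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory sample data (assumption for this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, is_admin) VALUES (?, ?)",
        [("alice", 1), ("bob", 0), ("carol", 0)],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable: the untrusted value is interpolated into the SQL string,
    so quotes in the input change the structure of the query."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Fixed: the query text is constant and the value travels as a bind
    parameter, so it can only ever be compared as data."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# Classic tautology payload; the closing quote is supplied by the template.
PAYLOAD = "' OR '1'='1"


if __name__ == "__main__":
    conn = make_db()
    print(find_user_vulnerable(conn, "alice"))   # ['alice']
    print(find_user_vulnerable(conn, PAYLOAD))   # every user: the WHERE clause became "'' OR '1'='1'"
    print(find_user_safe(conn, PAYLOAD))         # []: no user is literally named "' OR '1'='1"
```

The parameterized version needs no escaping logic of its own: the driver hands the value to the database separately from the statement, which is why it is the recommended fix rather than input sanitisation.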
Impact
If exploited, an attacker can read, alter or delete database records by injecting SQL of their own, and depending on the query may bypass authentication checks or reach other users' data. This can lead to data breaches, loss of data integrity and exposure of sensitive information, affecting both users and the organization.