Improperly Controlled Modification of Dynamically-Determined Object Attributes
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes |
| OWASP | A08:2021 - Software and Data Integrity Failures |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Medium |
Description#
User input is being directly included when building SQL query strings, which makes the code vulnerable to SQL injection. Instead, always use parameterized queries or Django’s ORM to safely handle user data in database operations.
Impact#
If exploited, an attacker could run arbitrary SQL commands against your database—potentially reading, modifying, or deleting sensitive data. This can lead to data breaches, data loss, or unauthorized access to application functionality.