Property
Language: ruby
Severity: high
CWE: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
OWASP: A01:2017 - Injection
Confidence Level: Medium
Impact Level: High
Likelihood Level: Medium

Description

User input taken from the 'event' object is interpolated directly into SQL query strings without sanitization or parameter binding. Because the input becomes part of the statement text rather than a bound value, an attacker who controls that input can alter the structure of the query your code sends to the database.
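The following is an added example, not code from the rule page: it shows a Ruby handler that builds the statement from `event` by string interpolation (the pattern this rule flags) beside the bound-parameter form. The `event` Hash, the `users` table and the `RecordingConnection` stub standing in for a real driver are all assumptions so the example runs offline.

```ruby
# Stand-in for a database connection (assumption for this example): it only
# records the statement and binds it would send, so nothing is executed.
# A real driver (pg, mysql2, sqlite3) takes the same two arguments.
class RecordingConnection
  attr_reader :log

  def initialize
    @log = []
  end

  def exec_params(sql, binds = [])
    entry = { sql: sql, binds: binds }
    @log << entry
    entry
  end
end

# VULNERABLE (what the rule flags): the value from the event Hash is spliced
# into the SQL text, so quote characters in the input rewrite the statement.
def lookup_user_unsafe(conn, event)
  username = event["username"]
  conn.exec_params("SELECT id, email FROM users WHERE name = '#{username}'")
end

# FIXED: same query, but the value is passed as a bound parameter ($1 is the
# PostgreSQL placeholder style; mysql2/sqlite3 use ?), so it is never parsed
# as SQL regardless of its contents.
def lookup_user_safe(conn, event)
  username = event["username"].to_s
  conn.exec_params("SELECT id, email FROM users WHERE name = $1", [username])
end

# Number of single quotes in the statement text. For the safe form this is a
# constant; for the unsafe form it depends on the input, which is the symptom
# of the statement's structure being controlled by the caller.
def quote_count(sql)
  sql.count("'")
end

if __FILE__ == $PROGRAM_NAME
  conn = RecordingConnection.new
  event = { "username" => "O'Brien" }   # constructed input containing a quote
  puts lookup_user_unsafe(conn, event)[:sql]   # quote count changes with input
  puts lookup_user_safe(conn, event).inspect   # quote count stays at 0
end
```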

Impact

If exploited, attackers could manipulate your database—viewing, modifying, or deleting sensitive data, bypassing authentication, or causing data loss. This can lead to data breaches, loss of integrity, and serious damage to your application’s security and reputation.