Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
Description
User input taken from the event object is inserted directly into SQL queries without sanitization. An attacker who controls that input can therefore inject SQL of their own and change the meaning of the query.
Impact
If exploited, attackers could access, modify, or delete sensitive database data, potentially exposing user information or compromising application integrity. This could lead to data breaches, loss of trust, and significant legal or financial repercussions.