# Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
## Description
Input taken from the event object is interpolated directly into SQL query strings without parameterization or proper escaping. Because the input becomes part of the query text rather than being bound as data, whoever controls that input can change the structure of the query, which makes the code vulnerable to SQL injection.
## Impact
If exploited, an attacker could manipulate the database by injecting SQL of their choosing, leading to unauthorized data access, data loss, or corruption. This could expose sensitive information and potentially give attackers control over your application's data.