Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
User input from cookies, parameters, or request environment is being used directly to build SQL queries without proper sanitization. This allows attackers to inject malicious SQL code by manipulating input values.
Impact#
If exploited, attackers could access, modify, or delete database data, bypass authentication, or execute administrative operations. This can lead to data breaches, loss of data integrity, and severe security incidents affecting users and the organization.