SYM_CS_0023 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| Property | Value |
|---|---|
| Language | csharp |
| Severity |  |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Low |
Description
User input is being directly included in SQL queries without using parameterized queries or proper sanitization. This allows attackers to manipulate the SQL statement by injecting malicious code.
Impact
If exploited, an attacker could gain unauthorized access to, modify, or delete data in the database. This may lead to data breaches, loss of data integrity, or even complete compromise of the application's backend database.