SYM_JAVA_0021 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | High |
Description
User input is being directly inserted into SQL queries in Slick without proper sanitization. This allows attackers to manipulate the SQL statements by sending malicious input, leading to SQL injection vulnerabilities.
Impact
An attacker could execute unauthorized SQL commands, such as extracting, modifying, or deleting sensitive data in your database. This can lead to data breaches, loss of data integrity, and compromise of the entire application or related systems.