SYM_JAVA_0098 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| Property | Value |
|---|---|
| Language | java |
| Severity | medium |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |

Description

Building SQL queries by concatenating or formatting strings with user input in Vert.x can make your application vulnerable to SQL injection. Instead, use prepared statements to safely handle dynamic values in SQL queries.
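The pattern above, shown as an added example (not code from the Symbiotic database or from the Vert.x project): the string-built query beside its prepared-statement replacement, using the Vert.x 4 reactive SQL client API (`io.vertx.sqlclient`). The `Pool`, the `users` table and its `id`, `email` and `username` columns are assumptions for illustration.

```java
import io.vertx.core.Future;
import io.vertx.sqlclient.Pool;
import io.vertx.sqlclient.Row;
import io.vertx.sqlclient.RowSet;
import io.vertx.sqlclient.Tuple;

// Hypothetical lookup service; the Pool is created elsewhere from a
// driver-specific client (e.g. the Vert.x PostgreSQL client).
public class UserLookup {

    private final Pool pool;

    public UserLookup(Pool pool) {
        this.pool = pool;
    }

    // VULNERABLE (CWE-89): the caller-supplied username is spliced into the
    // SQL text, so any quote or comment characters it carries are parsed as
    // part of the statement grammar rather than treated as data.
    public Future<RowSet<Row>> findUserUnsafe(String username) {
        String sql = "SELECT id, email FROM users WHERE username = '" + username + "'";
        return pool.query(sql).execute();
    }

    // SAFE: the SQL text is a constant; the value is sent separately as a
    // bind parameter and is never interpreted as SQL by the server.
    // "$1" is the PostgreSQL client's placeholder syntax; the Vert.x MySQL
    // client uses "?" instead, so match the driver you actually run.
    public Future<RowSet<Row>> findUserSafe(String username) {
        return pool
            .preparedQuery("SELECT id, email FROM users WHERE username = $1")
            .execute(Tuple.of(username));
    }
}
```

When reviewing Vert.x code for this issue, look for any `query(...)` whose argument is built with `+`, `String.format` or a `StringBuilder` from request data; the fix is always to move the variable part into a `Tuple` passed to `preparedQuery(...)`, never to escape the string by hand.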

Impact

If exploited, attackers could manipulate your database queries, potentially exposing or modifying sensitive data, bypassing authentication, or corrupting your database. This can lead to data breaches, data loss, or unauthorized access to your application.