SYM_JAVA_0103 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| Property | Value |
|---|---|
| Language | java |
| Severity |  |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | High |
Description
User input from HTTP requests is being used directly to build SQL queries without proper sanitization. This allows attackers to inject malicious SQL code, leading to SQL injection vulnerabilities.
Impact
If exploited, an attacker could read, modify, or delete data in your database, bypass authentication, or execute administrative operations. This can result in data breaches, loss of data integrity, and severe compromise of your application's security.