SYM_JSTS_0111 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | High |
Description
SQL queries are being constructed using function arguments without proper sanitization, which can allow untrusted input to be included directly in database statements. This makes the code vulnerable to SQL injection attacks if user input is not handled safely.
Impact
If exploited, an attacker could manipulate the SQL queries to access, modify, or delete database data, bypass authentication, or escalate privileges. This can result in data breaches, loss of data integrity, and potential compromise of the entire application.