SYM_JSTS_0123 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
User input is being directly included in SQL query strings, rather than using parameterized queries. This practice can let attackers inject malicious SQL, making your code vulnerable to SQL injection attacks.
Impact
If exploited, an attacker could read, modify, or delete sensitive database information, potentially causing data breaches, data loss, or unauthorized access. This can lead to loss of user trust, legal consequences, and serious damage to your application's integrity.