SYM_JSTS_0124 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
Description
User input from the event object is being directly included in SQL queries without proper sanitization. This allows attackers to craft input that can manipulate the query, leading to SQL injection vulnerabilities.
Impact
If exploited, attackers could read, modify, or delete data in your database, bypass authentication, or gain unauthorized access to sensitive information. This can result in data breaches, data loss, or full compromise of your application and its users.
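The pattern this rule flags, shown as an added example that is not part of the Symbiotic database: a serverless-style handler that reads a field from its `event` argument and builds a SQL lookup from it. The vulnerable builder splices the value into the SQL text; the hardened builder keeps the SQL text constant and passes the value as a bound parameter. The `event` shape, the `users` table, the `$1` placeholder syntax and the stub driver are assumptions so the example runs offline.

```javascript
// Vulnerable: the untrusted value becomes part of the SQL text, so any quote
// or operator it contains changes the structure of the statement.
function buildLookupUnsafe(event) {
  const username = event.queryStringParameters.username;
  return `SELECT id, email FROM users WHERE username = '${username}'`;
}

// Hardened: the statement is a fixed string; the value is sent separately and
// the driver/database treats it purely as data, never as SQL.
function buildLookupSafe(event) {
  const username = event.queryStringParameters.username;
  return {
    text: 'SELECT id, email FROM users WHERE username = $1',
    values: [username],
  };
}

// Stub driver (assumption): records what would be executed instead of
// talking to a real database, so the example runs offline.
function makeStubDb() {
  const log = [];
  return {
    log,
    query(text, values = []) {
      log.push({ text, values });
      return Promise.resolve({ rows: [] });
    },
  };
}

// Handler using the hardened builder; `db` would be a real client in practice.
async function handler(event, db) {
  const q = buildLookupSafe(event);
  await db.query(q.text, q.values);
  return { statusCode: 200 };
}

// Constructed sample event whose value contains a quote and an OR clause.
// With the unsafe builder it rewrites the WHERE clause; with the safe builder
// it is just an odd username that matches nothing.
const sampleEvent = {
  queryStringParameters: { username: "alice' OR '1'='1" },
};

module.exports = { buildLookupUnsafe, buildLookupSafe, makeStubDb, handler, sampleEvent };
```

Comparing the two builders on `sampleEvent` shows the difference directly: the unsafe statement's WHERE clause has been rewritten, while the safe statement is unchanged and the raw value sits in `values`.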