SYM_PHP_0002 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description
User input is being directly included in SQL queries in Laravel without proper sanitization or parameterization. This allows attackers to inject malicious SQL code and manipulate database queries.
Impact
If exploited, attackers could access, modify, or delete sensitive data, bypass authentication, or even take full control of the database. This can lead to data breaches, loss of data integrity, and severe damage to application security and reputation.