SYM_PHP_0039 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description
User input is being directly inserted into SQL queries without proper handling. This makes the code vulnerable to SQL injection, where attackers can manipulate the database by sending malicious input.
Impact
If exploited, an attacker could access, modify, or delete database records, bypass authentication, or even gain full control of the database. This can lead to data breaches, loss of sensitive information, and compromise of the entire application.