SYM_PY_0150 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Incorrect Type Conversion or Cast
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-704: Incorrect Type Conversion or Cast |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
User input is being directly inserted into SQL query strings, making the code vulnerable to SQL injection. This happens when queries are manually constructed with untrusted data instead of using parameterized queries.
Impact
If exploited, an attacker could alter, steal, or delete database records by injecting malicious SQL code. This can lead to data breaches, loss of data integrity, and compromise of sensitive information, potentially affecting both users and the organization.