SYM_RB_0039 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
Description
User input from the `event` object is being used directly to build SQL queries without proper sanitization or parameterization. This makes the code vulnerable to SQL injection attacks.
Impact
If exploited, an attacker could manipulate the database by injecting malicious SQL, leading to unauthorized data access, data loss, or corruption. This could compromise sensitive information and potentially give attackers control over your application's data.
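The following is an added illustration of the pattern this entry describes, not code from the Symbiotic Vulnerability Database or from any flagged project. Because the entry leaves the language blank, Python with the standard-library `sqlite3` module is assumed, and the `event` object is modelled as a plain dict handed to a handler (as a serverless or event-driven function would receive it). The table contents, the handler names and the field name `username` are constructed for the example. The vulnerable handler splices the event value into the SQL text; the hardened handler keeps the SQL text constant and binds the value as a parameter, which is the fix the entry's "parameterization" wording points at.

```python
import sqlite3


def make_db():
    """Build a small in-memory table (constructed sample data) so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, event):
    """The pattern the entry flags (hypothetical handler): the value is read from
    the event object and formatted straight into the query string, so any quote
    or SQL keyword in it becomes part of the statement the database executes."""
    username = event["username"]
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn, event):
    """Hardened form (hypothetical handler): the SQL text is a fixed literal and
    the event value travels as a bound parameter. The driver sends it as data,
    so it can never change the structure of the statement."""
    username = event["username"]
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    ordinary = {"username": "alice"}
    print("vulnerable, ordinary input:", lookup_user_vulnerable(db, ordinary))
    print("safe, ordinary input:      ", lookup_user_safe(db, ordinary))

    # A value containing a quote and a tautology shows why the first handler is a
    # CWE-89 finding: it returns every row, the unauthorized data access the entry
    # describes, while the parameterized handler simply finds no such username.
    quoted = {"username": "x' OR '1'='1"}
    print("vulnerable, quoted input:  ", lookup_user_vulnerable(db, quoted))
    print("safe, quoted input:        ", lookup_user_safe(db, quoted))
```

When triaging a finding like this one, the check is mechanical: look for string formatting, concatenation or template substitution whose result is passed to the database driver's execute call, and confirm the replacement keeps the query text constant with every event-derived value bound as a parameter. Input validation on the event fields is a useful extra layer, but it is not a substitute for parameterization.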