SQL Injection - Headers
Description
The application allows SQL statements to be injected through the idClient header and application fields.
Impact
- Obtain confidential information from the database.
- Modify and delete information from the database.
Recommendation
Perform database queries by means of parameterized statements or stored procedures.
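The recommendation above, shown as an added example (not the application's own code): a Python sqlite3 lookup keyed on the idClient header, written once with string concatenation and once with a bound parameter. The table, column names, sample rows and function names are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table standing in for the real schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE clients (id TEXT PRIMARY KEY, name TEXT)")
    db.executemany(
        "INSERT INTO clients VALUES (?, ?)",
        [("1001", "Acme"), ("1002", "Globex")],
    )
    return db


def lookup_concatenated(db, headers):
    """Flawed pattern: the header value becomes part of the SQL text itself."""
    sql = "SELECT name FROM clients WHERE id = '" + headers.get("idClient", "") + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db, headers):
    """Recommended pattern: the SQL text is constant and the header is bound as data."""
    id_client = headers.get("idClient", "")
    # The ? placeholder is filled by the driver, so quotes in the value
    # are compared literally against the id column and never parsed as SQL.
    cur = db.execute("SELECT name FROM clients WHERE id = ?", (id_client,))
    return [row[0] for row in cur]


if __name__ == "__main__":
    db = make_db()
    # Constructed header values: one legitimate, one carrying SQL metacharacters.
    legit = {"idClient": "1001"}
    crafted = {"idClient": "x' OR '1'='1"}
    print("parameterized, legit  :", lookup_parameterized(db, legit))
    print("parameterized, crafted:", lookup_parameterized(db, crafted))
    print("concatenated, crafted :", lookup_concatenated(db, crafted))
```

The same binding applies to every application field that reaches a query, not only the header.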
Threat
Authenticated internal attacker in the application.
Expected Remediation Time
⏱️ 60 minutes.