Database

Description

Dynamic SQL statements are generated without the required data validation and without using parameterized statements or stored procedures.

Impact

Inject SQL statements, with the possibility of obtaining information about the database, as well as extracting information from it.

Recommendation

Perform database queries by means of parameterized statements or stored procedures.
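The following is an added illustration, not code from the original page, showing the difference between the dynamic SQL described above and the parameterized statement the recommendation calls for. It uses Python's standard `sqlite3` module with a constructed in-memory `users` table; the function names, the sample rows and the username allowlist are assumptions made for the example (SQLite has no stored procedures, so only the parameterized form is shown).

```python
import re
import sqlite3


def make_db():
    # Constructed sample data for the example; not from the original page.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    # Dynamic SQL: the untrusted value becomes part of the statement text,
    # so a value containing quote characters changes the query's logic.
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    # Parameterized statement: the statement text is fixed and the driver
    # binds the value separately, so it can only ever match as a literal.
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# Assumed allowlist for usernames: lowercase letters, digits, underscore.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def lookup_validated(conn, username):
    # Data validation in addition to parameterization: reject values that
    # do not fit the expected format before they reach the database.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username does not match the allowed format")
    return lookup_parameterized(conn, username)


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # constructed input containing SQL metacharacters
    print("dynamic SQL:     ", lookup_vulnerable(db, probe))
    print("parameterized:   ", lookup_parameterized(db, probe))
    try:
        lookup_validated(db, probe)
    except ValueError as exc:
        print("validated:       ", exc)
```

With the same input, the dynamic-SQL version returns every row because the quote characters close the literal and add a condition that is always true, while the parameterized version returns nothing because the whole string is compared as one literal value. The validation step rejects the input before any query runs, which is the "required data validation" the description refers to.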

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 30 minutes.