Description

Unauthenticated users have access to an API that’s performing SQL queries using user controlled parameters.

An SQL injection attack consists of the insertion or “injection” of a SQL query via the input data from the client to the application.

In case the API does not sanitize parameters correctly, attackers might interact with the database and steal information.

Rationale

This finding works by identifying an API that lacks an authentication mechanism and contains code vulnerabilities permitting full or partial control of database query parameters.

Remediation

• Use of SQL prepared statements
• Avoid generating SQL queries using user parameters without sanitization
• Implement authentication to prevent non-intended users interaction with the database