CRITICAL

SQL Injection Vulnerability

Vulnerable Trace: API Endpoint /v1/auth/login
const { username, password } = req.body;
const query = `SELECT * FROM users WHERE username = '${username}' AND password = '${password}'`;
db.execute(query); // ⚠️ INJECTION POINT DETECTED
Detected Payload:
' OR '1'='1
Proposed Patch (Parameterized Query)
const query = "SELECT * FROM users WHERE username = ? AND password = ?";
db.execute(query, [username, password]);
PATCH QUEUE
04 Pending
CORS Policy Misconfig
Origin: * detected in /v2/data
Broken Auth Token
Weak JWT secret detected
XSS Fixed
Successfully patched 2m ago