High Nessus Plugin ID 122584
Synopsis
The remote host is vulnerable to SQL injection.

Description
The scanner was able to send specially crafted input to one or more endpoints and parameters on the remote host that resulted in an injection into a SQL query, allowing arbitrary SQL statements to be executed on the remote host.

Solution
In the case of a third-party product, the vendor should be notified of this vulnerability. In the case of a custom web application, the application should be updated to use parameterized queries, which prevent an attacker from being able to inject special characters that can be used to break out of the intended context and execute SQL statements.
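
The fix named in the Solution, shown as an added example that is not part of the plugin text: a concatenated lookup beside its parameterized form, using Python's sqlite3 module with a constructed users table. The table, function names and sample rows are assumptions. The example also goes one step beyond the text by covering identifiers (an ORDER BY column), which cannot be bound as parameters and need an allow-list instead.

```python
import sqlite3

# Constructed sample data for this example (not from the plugin page).
ROWS = [(1, "alice", "admin"), (2, "O'Brien", "user"), (3, "bob", "user")]
# Identifiers cannot be bound as parameters, so sortable columns are allow-listed.
SORTABLE = {"id", "name", "role"}

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db

def find_user_concat(db, name):
    # Weak form: the value is spliced into the SQL text, so a quote in the
    # data ends the string literal and whatever follows is parsed as SQL.
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_user_param(db, name):
    # Hardened form: the statement text is fixed and the value is bound
    # separately, so it is only ever treated as data.
    sql = "SELECT id, name FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def list_users_sorted(db, column):
    # A column name has to appear in the SQL text, so it is checked against
    # the allow-list before being used.
    if column not in SORTABLE:
        raise ValueError("unsupported sort column")
    return db.execute(f"SELECT id, name FROM users ORDER BY {column}").fetchall()

def concat_breaks_on(db, name):
    # True when the concatenated query stops being valid SQL for this value,
    # i.e. the data changed the structure of the statement.
    try:
        find_user_concat(db, name)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    print("concatenated query breaks on O'Brien:", concat_breaks_on(db, "O'Brien"))
    print("parameterized lookup:", find_user_param(db, "O'Brien"))
```

A value that makes the concatenated form raise a syntax error is the same condition the scanner reports: request data reached the SQL parser as code rather than as a bound value.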