Use of externally-controlled input to build connection string High

Use of unsanitized user input to build connection strings can result in a connection string injection attack. An attacker can manipulate the connection string values to bypass authentication checks, and access restricted data and resources on the server.

Detector ID
Common Weakness Enumeration (CWE) external icon