Detected a formatted string in a SQL statement. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Use a prepared statements instead. You can obtain a PreparedStatement using ‘SqlCommand’ and ‘SqlParameter’. Likelihood: LOW Confidence: MEDIUM CWE: - CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
OWASP: - A01:2017 - Injection
- A03:2021 - Injection