Description
SQL commands reveal information about the structure of the underlying database. This information does not create any direct impact on the target, though it provides valuable information attackers can use in their attack. Exposure of SQL commands can aid attackers in crafting more targeted and effective SQL injection attacks, potentially leading to unauthorized access to sensitive data.
Recommendation
If it’s not displayed intentionally, fix the reason causing the disclosure and make sure the SQL command is not revealed due to errors and misconfigurations. Implement proper input validation and parameterized queries to mitigate the risk of SQL injection.