Raw SQL query flagged in vulnerability testing

[MohitIH]

When testing my application for vulnerabilities using MobSF it flagged com\mixpanel\android\mpmetrics\MPDbAdapter.java for using raw SQL queries which can lead to SQL injection attacks. Here's the report :

App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.

Severity : High

CVSS V2: 5.9 (medium)
CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
OWASP Top 10: M7: Client Code Quality

[woxblom]

Could we have comment on this from the dev team? My app also got flagged for this now.

[danmazz]

Bumping this. This is also causing an issue on our application.

[Prashoor]

Showing as a medium issue in pen test

Can someone look into mitigation?

[zihejia]

hi @Prashoor , which tool are you using? could you share the log or its screenshot?

[C022IN]

@MohitIH Seems to be a long time since you made this post. Do you happen to have any updates on this issue, by chance? I am also experiencing the same in my current project.