diff --git a/src/test/java/org/sasanlabs/service/vulnerability/sqlInjection/ErrorBasedSQLInjectionVulnerabilityTest.java b/src/test/java/org/sasanlabs/service/vulnerability/sqlInjection/ErrorBasedSQLInjectionVulnerabilityTest.java
new file mode 100644
index 00000000..a665b754
--- /dev/null
+++ b/src/test/java/org/sasanlabs/service/vulnerability/sqlInjection/ErrorBasedSQLInjectionVulnerabilityTest.java
@@ -0,0 +1,146 @@
+package org.sasanlabs.service.vulnerability.sqlInjection;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.eq;
+import static org.mockito.Mockito.verify;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+import org.sasanlabs.vulnerability.utils.Constants;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.jdbc.core.PreparedStatementCreator;
+import org.springframework.jdbc.core.PreparedStatementSetter;
+import org.springframework.jdbc.core.ResultSetExtractor;
+
+class ErrorBasedSQLInjectionVulnerabilityTest {
+
+ private ErrorBasedSQLInjectionVulnerability errorBasedSQLInjectionVulnerability;
+ private JdbcTemplate template;
+
+ @BeforeEach
+ void setUp() {
+ template = Mockito.mock(JdbcTemplate.class);
+
+ // Mock database
+ doReturn(null)
+ .when(template)
+ .query(anyString(), (ResultSetExtractor) any());
+ doReturn(null)
+ .when(template)
+ .query(
+ anyString(),
+ (PreparedStatementSetter) any(),
+ (ResultSetExtractor) any());
+
+ errorBasedSQLInjectionVulnerability = new ErrorBasedSQLInjectionVulnerability(template);
+ }
+
+ @Test
+ void doesCarInformationExistsLevel1_ExpectParamEscaped() throws IOException {
+ // Act
+ final Map queryParams = Collections.singletonMap("id", "1");
+ errorBasedSQLInjectionVulnerability.doesCarInformationExistsLevel1(queryParams);
+
+ // Assert
+ verify(template)
+ .query(
+ eq("select * from cars where id=1"),
+ (ResultSetExtractor) any());
+ }
+
+ @Test
+ void doesCarInformationExistsLevel2_ExpectParamEscaped() throws IOException {
+ // Act
+ final Map queryParams = Collections.singletonMap("id", "1");
+ errorBasedSQLInjectionVulnerability.doesCarInformationExistsLevel2(queryParams);
+
+ // Assert
+ verify(template)
+ .query(
+ eq("select * from cars where id='1'"),
+ (ResultSetExtractor) any());
+ }
+
+ @Test
+ void doesCarInformationExistsLevel3_ExpectParamEscaped() throws IOException {
+ // Act
+ final Map queryParams = Collections.singletonMap("id", "1'");
+ errorBasedSQLInjectionVulnerability.doesCarInformationExistsLevel3(queryParams);
+
+ // Assert
+ verify(template)
+ .query(
+ eq("select * from cars where id='1'"),
+ (ResultSetExtractor) any());
+ }
+
+ @Test
+ void doesCarInformationExistsLevel4_ExpectValidResponse() {
+ // Arrange
+ Map queryParams = new HashMap<>();
+ queryParams.put(Constants.ID, "1'");
+
+ // Mock the response entity
+ ResponseEntity mockResponseEntity =
+ ResponseEntity.status(HttpStatus.OK).body("Sample response");
+ doReturn(mockResponseEntity)
+ .when(template)
+ .query(
+ Mockito.any(PreparedStatementCreator.class),
+ Mockito.any(PreparedStatementSetter.class),
+ Mockito.any(ResultSetExtractor.class));
+
+ // Act
+ ResponseEntity response =
+ errorBasedSQLInjectionVulnerability.doesCarInformationExistsLevel4(queryParams);
+
+ // Assert
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertEquals("Sample response", response.getBody());
+ verify(template)
+ .query(
+ Mockito.any(PreparedStatementCreator.class),
+ Mockito.any(PreparedStatementSetter.class),
+ Mockito.any(ResultSetExtractor.class));
+ }
+
+ @Test
+ void doesCarInformationExistsLevel5_ExpectValidResponse() {
+ // Arrange
+ Map queryParams = new HashMap<>();
+ queryParams.put(Constants.ID, "1");
+
+ // Mock the response entity
+ ResponseEntity mockResponseEntity =
+ ResponseEntity.status(HttpStatus.OK).body("Sample response");
+ doReturn(mockResponseEntity)
+ .when(template)
+ .query(
+ Mockito.any(PreparedStatementCreator.class),
+ Mockito.any(PreparedStatementSetter.class),
+ Mockito.any(ResultSetExtractor.class));
+
+ // Act
+ ResponseEntity response =
+ errorBasedSQLInjectionVulnerability.doesCarInformationExistsLevel5(queryParams);
+
+ // Assert
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertEquals("Sample response", response.getBody());
+ verify(template)
+ .query(
+ Mockito.any(PreparedStatementCreator.class),
+ Mockito.any(PreparedStatementSetter.class),
+ Mockito.any(ResultSetExtractor.class));
+ }
+}
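Review bot: The Level1 and Level2 tests are named `_ExpectParamEscaped` but feed the benign value `"1"`, so nothing that could need escaping ever reaches the query and the name overstates what is asserted; only the Level3 test (input `"1'"`, expected `select * from cars where id='1'`) actually pins that the quote does not survive into the SQL. Renaming the first two to what they check, e.g. `doesCarInformationExistsLevel1_ExpectQueryBuiltFromParam`, would keep the test names from suggesting a protection the level is not shown to have. The Level4 and Level5 tests verify `template.query` only through `Mockito.any(...)` matchers, so they pass regardless of what SQL or parameter binding the level produces; an `ArgumentCaptor<PreparedStatementCreator>` (or of the `PreparedStatementSetter`) would let them assert that the `1'` value is bound rather than concatenated. The raw `Map` and `ResultSetExtractor` uses throughout could be `Map<String, String>` and `ResultSetExtractor<?>` to avoid the unchecked casts.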