logo

CWE-564 - SQL Injection: Hibernate

CWE-564

  • Abstraction:
  • Variant
  • Structure:
  • Simple
  • Status:
  • Incomplete
Weakness Name

SQL Injection: Hibernate

Description

Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.

Common Consequences

Scope: Confidentiality, Integrity

Impact: Read Application Data, Modify Application Data

Related Weaknesses
  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website