CWE-564 - SQL Injection: Hibernate

CWE-564

Abstraction:
Variant

Structure:
Simple

Status:
Incomplete

Weakness Name: SQL Injection: Hibernate

Description: Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.

Common Consequences: Scope: Confidentiality, Integrity
Impact: Read Application Data, Modify Application Data

Related Weaknesses: CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')High

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard