CWE-564 - SQL Injection: Hibernate
CWE-564
- Abstraction:
- Variant
- Structure:
- Simple
- Status:
- Incomplete
- Weakness Name
SQL Injection: Hibernate
- Description
Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.
- Common Consequences
Scope: Confidentiality, Integrity
Impact: Read Application Data, Modify Application Data
- Related Weaknesses
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2023-06-29
Free security scan for your website