logo

CWE-564 - SQL Injection: Hibernate

  • Abstraction:Variant
  • Structure:Simple
  • Status:Incomplete
  • Release Date:2006-07-19
  • Latest Modification Date:2023-06-29

Weakness Name

SQL Injection: Hibernate

Description

Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.

Common Consequences

Scope: Confidentiality, Integrity

Impact: Read Application Data, Modify Application Data

Related Weaknesses

CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')High