CWE-564βSQL Injection: Hibernate
PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2025-12-11
Metadata
Weakness Name
SQL Injection: Hibernate
Description
Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.