CWE-564: SQL Injection: Hibernate

PUBLISHED weakness record
released 2006-07-19 · last modified 2025-12-11

Metadata

CWE ID:
CWE-564
Abstraction:
Variant
Structure:
Simple
Status:
Incomplete
Release date:
2006-07-19
Last modified:
2025-12-11

Name

SQL Injection: Hibernate

Description

Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.
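
The weakness described above, next to its corrected forms, as an added example that is not part of the CWE record. The `Item` entity, the `ItemDao` class and its method names are hypothetical, and the code assumes Hibernate 6 with Jakarta Persistence.

```java
import jakarta.persistence.Entity;
import jakarta.persistence.Id;
import java.util.List;
import java.util.Map;
import org.hibernate.Session;

// Hypothetical entity and DAO (assumption: Hibernate 6, Jakarta Persistence).
@Entity
class Item {
    @Id Long id;
    String owner;
    String name;
    long price;
}

class ItemDao {
    private final Session session;

    ItemDao(Session session) { this.session = session; }

    // VULNERABLE (CWE-564): the input becomes part of the HQL text, so the
    // caller controls the structure of the query, not just a value in it.
    List<Item> findByOwnerUnsafe(String owner) {
        String hql = "from Item i where i.owner = '" + owner + "'";
        return session.createQuery(hql, Item.class).getResultList();
    }

    // FIXED: the HQL text is constant; the value is bound as a named parameter.
    List<Item> findByOwner(String owner) {
        return session.createQuery("from Item i where i.owner = :owner", Item.class)
                .setParameter("owner", owner)
                .getResultList();
    }

    // Native SQL issued through Hibernate needs the same treatment.
    List<Item> findByOwnerNative(String owner) {
        return session.createNativeQuery("select * from Item where owner = ?1", Item.class)
                .setParameter(1, owner)
                .getResultList();
    }

    // Identifiers such as a sort column cannot be bound as parameters:
    // map the request value onto a fixed allow-list instead of concatenating it.
    private static final Map<String, String> SORT_FIELDS =
            Map.of("name", "i.name", "price", "i.price");

    List<Item> findByOwnerSorted(String owner, String sortKey) {
        String orderBy = SORT_FIELDS.getOrDefault(sortKey, "i.name");
        return session.createQuery(
                    "from Item i where i.owner = :owner order by " + orderBy, Item.class)
                .setParameter("owner", owner)
                .getResultList();
    }
}
```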

Common Consequences

Scope:
Confidentiality, Integrity
Impact:
Read Application Data, Modify Application Data

Related CWEs