CWE-564—SQL Injection: Hibernate
PUBLISHEDweakness record
released 2006-07-19 · last modified 2025-12-11
Metadata
名称
SQL Injection: Hibernate
描述
Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.