CWE-564 - CERT CVE

CWE-564 - SQL Injection: Hibernate

Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.

CAPEC ID Naziv
CAPEC-109 Object Relational Mapping Injection