CWE-564 - SQL Injection: Hibernate

Description

Using Hibernate for execution of a dynamic SQL statement built with user-controlled input allows an attacker to read and modify application data or to execute arbitrary SQL commands.

Latest vulnerabilities for CWE-564

References

Description of CWE-564 on Mitre website