CWE-564 - SQL Injection: Hibernate


Using Hibernate for execution of a dynamic SQL statement built with user-controlled input allows an attacker to read and modify application data or to execute arbitrary SQL commands.

Latest vulnerabilities for CWE-564

SQL Injection in Drupal Drupal 2015-08-24
Low Yes


Description of CWE-564 on Mitre website