CWE-564: SQL Injection: Hibernate
ID
CWE-564
Abstraction
Variant
Structure
Simple
Status
Incomplete
Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | |
| Implementation |
Relationships
| View | Weakness | |||||||
|---|---|---|---|---|---|---|---|---|
| # ID | View | Status | # ID | Name | Abstraction | Structure | Status | |
| CWE-1000 | Research Concepts | Draft | CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Base | Simple | Stable | |
| CWE-928 | Weaknesses in OWASP Top Ten (2013) | Obsolete | CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Base | Simple | Stable | |
| CWE-1305 | CISQ Quality Measures (2020) | Incomplete | CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Base | Simple | Stable | |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.org
Loading...