目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

CWE-564 SQL注入:Hibernate 类漏洞列表 7

CWE-564 SQL注入:Hibernate 类弱点 7 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-564 指在使用 Hibernate 框架执行动态 SQL 语句时,若直接拼接用户可控输入,会导致 SQL 注入漏洞。攻击者通过构造恶意输入,可篡改查询逻辑或执行任意 SQL 命令,从而窃取或破坏数据。开发者应避免直接拼接字符串,转而使用参数化查询或预编译语句,确保用户输入被正确转义,从而有效防御此类攻击。

MITRE CWE 官方描述
CWE:CWE-564 SQL Injection: Hibernate 英文:使用 Hibernate 执行由用户可控输入构建的动态 SQL 语句,可能导致攻击者修改语句的含义或执行任意 SQL 命令。
常见影响 (1)
Confidentiality, IntegrityRead Application Data, Modify Application Data
缓解措施 (5)
RequirementsA non-SQL style database which is not subject to this flaw may be chosen.
Architecture and DesignFollow the principle of least privilege when creating user accounts to a SQL database. Users should only have the minimum privileges necessary to use their account. If the requirements of the system indicate that a user can read and modify their own data, then limit their privileges so they cannot read/write others' data.
Architecture and DesignFor any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
ImplementationImplement SQL strings using prepared statements that bind variables. Prepared statements that do not bind variables can be vulnerable to attack.
ImplementationUse vigorous allowlist style checking on any user input that may be used in a SQL command. Rather than escape meta-characters, it is safest to disallow them entirely. Reason: Later use of data that have been entered in the database may neglect to escape meta-characters before use. Narrowly define the set of safe characters based on the expected value of the parameter in the request.
代码示例 (1)
The following code excerpt uses Hibernate's HQL syntax to build a dynamic query that's vulnerable to SQL injection.
String street = getStreetFromUser(); Query query = session.createQuery("from Address a where a.street='" + street + "'");
Bad · Java
CVE IDタイトルCVSS深刻度公開日
CVE-2026-4594 erupts erupt EruptJpaUtils.java geneEruptHqlOrderBy sql injection — erupt 7.3 High2026-03-23
CVE-2026-4593 erupts erupt MCP Tool EruptDataQuery.java EruptDataQuery sql injection — erupt 6.3 Medium2026-03-23
CVE-2026-23959 CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier — CoreShop 4.9AIMediumAI2026-01-22
CVE-2026-22242 CoreShop Vulnerable to SQL Injection via Admin Reports — CoreShop 4.9 Medium2026-01-08
CVE-2025-8052 HQL Injection vulnerability has been discovered in Opentext Flipper. — Flipper 8.1AIHighAI2025-10-20
CVE-2024-48988 Apache StreamPark: SQL injection vulnerability — Apache StreamPark 9.8 -2025-08-22
CVE-2025-0959 Eventer - WordPress Event & Booking Manager Plugin <= 3.9.9.2 - Authenticated (Subscriber+) SQL Injection via reg_id — Eventer - WordPress Event & Booking Manager Plugin 8.8 High2025-03-07

CWE-564(SQL注入:Hibernate) 是常见的弱点类别,本平台收录该类弱点关联的 7 条 CVE 漏洞。