Description
Hibernate ORM is an object-relational mapping tool for the Java programming language. It provides a framework for mapping an object-oriented domain model to a relational database. Hibernate Query Language (HQL) injection is an injection attack in which an attacker tampers with an HQL query so that it executes malicious SQL statements against the web application's database server.
Remediation
Use parameterized queries for any HQL query that contains user input. With a parameterized query the user-supplied value is bound as data rather than concatenated into the query text, so the database never parses it as part of the query, which prevents HQL injection.
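The following is an added example, not code from the original page, showing the same lookup written with string concatenation (the vulnerable pattern described above) beside the remediated version that binds a named parameter, plus the one case parameters cannot cover. It assumes a Hibernate 5.2+ `org.hibernate.query.Query` API and a mapped entity class `User` with `String` properties `username` and `status` and a `createdAt` property; all of these are assumptions for the illustration.

```java
import java.util.List;
import java.util.Set;

import org.hibernate.Session;
import org.hibernate.query.Query;

/**
 * Added example (not from the page). Assumes a mapped entity "User" with
 * properties username, status and createdAt.
 */
public class UserLookup {

    // VULNERABLE: the request value becomes part of the HQL text, so any HQL
    // syntax it contains is parsed as query structure instead of as data.
    public static List<User> findByUsernameUnsafe(Session session, String username) {
        String hql = "from User u where u.username = '" + username + "'";
        return session.createQuery(hql, User.class).getResultList();
    }

    // REMEDIATED: a named parameter keeps the value out of the query text.
    // Hibernate binds it as a JDBC parameter, so it is always treated as data.
    public static List<User> findByUsernameSafe(Session session, String username) {
        Query<User> query = session.createQuery(
                "from User u where u.username = :username", User.class);
        query.setParameter("username", username);
        return query.getResultList();
    }

    // Ordinal (positional) parameters are bound the same way; several values
    // in one query are all kept out of the query text.
    public static List<User> findByUsernameAndStatus(Session session,
                                                     String username, String status) {
        return session.createQuery(
                "from User u where u.username = ?1 and u.status = ?2", User.class)
                .setParameter(1, username)
                .setParameter(2, status)
                .getResultList();
    }

    // Property names (assumed to exist on the User entity) that callers may sort by.
    private static final Set<String> SORTABLE_FIELDS = Set.of("username", "createdAt");

    // Caveat: parameters bind values only, not identifiers. A property name or
    // ORDER BY target has to become part of the query text, so the only safe way
    // to accept it from a caller is to check it against a fixed allowlist first.
    public static List<User> listSortedBy(Session session, String sortField) {
        if (!SORTABLE_FIELDS.contains(sortField)) {
            throw new IllegalArgumentException("unsupported sort field: " + sortField);
        }
        return session.createQuery("from User u order by u." + sortField, User.class)
                .getResultList();
    }
}
```

`findByUsernameUnsafe` is kept only to show the pattern a code review should flag: any `createQuery` call whose HQL string is built by concatenating or formatting untrusted input. Everything that is a value goes through `setParameter`; the one thing that cannot, an identifier such as a sort field, is restricted to a closed set before it touches the query string.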
References
Related Vulnerabilities
WordPress Plugin oQey Headers 'oqey_settings.php' SQL Injection (0.3)
WordPress Plugin GB Gallery Slideshow SQL Injection (1.2)
WordPress Plugin Good LMS-Learning Management System SQL Injection (2.1.4)
WordPress Plugin Smart Manager for WooCommerce & WPeC SQL Injection (3.9.6)
WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud SQL Injection (4.10.8)