{"id":51753,"date":"2026-05-06T12:51:21","date_gmt":"2026-05-06T12:51:21","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=51753"},"modified":"2026-05-06T12:51:21","modified_gmt":"2026-05-06T12:51:21","slug":"hibernate-orm-5615-sql-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=51753","title":{"rendered":"\ud83d\udcc4 Hibernate ORM 5.6.15 SQL Injection_PACKETSTORM:220500"},"content":{"rendered":"

{“lastseen”:”2026-05-06T16:46:31″,”description”:”Hibernate ORM versions 5.6.15 and below suffer from a remote SQL injection vulnerability…”,”published”:”2026-05-06T00:00:00″,”modified”:”2026-05-06T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Hibernate ORM 5.6.15 SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:220500″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-0603″],”sourceData”:”# CVE-2026-0603 Hibernate ORM Injection \/ Second-Order SQL Injection\\n \\n \u2605 CVE-2026-0603 Hibernate SQL Injection PoC \u2605\\n \\n https:\/\/github.com\/user-attachments\/assets\/2e7c3a89-e26f-48cd-af0b-8b82d32ce71f\\n \\n \\u003cbr\\u003e\\n \\n # Overview\\n \\u003e **CVE-2026-0603** is a **Second-Order SQL Injection** vulnerability in **Hibernate ORM**, a widely used Java ORM framework. \\n \\u003e When a user-supplied string primary key containing a malicious SQL payload is used in a bulk DELETE or UPDATE operation, Hibernate inserts the value directly into the WHERE clause without sanitization, causing **unintended mass deletion or modification of database records**.\\n \\n \\u003cbr\\u003e\\n \\n # Affected Versions\\n | Category | Version |\\n |—|—|\\n | **Vulnerable** | Hibernate ORM **5.2.8 \u2264 version \u2264 5.6.15** |\\n | **Patched** | No official patch **(5.6.x EOL)** |\\n \\n \\u003cbr\\u003e\\n \\n # Impact\\n – Mass deletion of records across multiple tables\\n – Mass modification of records across multiple tables\\n – Potential exfiltration of sensitive data from the database\\n \\n \\u003cbr\\u003e\\n \\n # Environment\\n “`bash\\n docker build -t cve-2026-0603-hibernate-vuln .\\n docker run –rm -it -p 8080:8080 –name hibernate-vuln cve-2026-0603-hibernate-vuln\\n “`\\n \\n \\u003cbr\\u003e\\n \\n # PoC\\n After starting the vulnerable environment, follow the steps below to reproduce the attack.\\n \\n ## Step 1. Register with a malicious username \\n “`bash\\n username: ‘ or ‘1’ = ‘1\\n “`\\n \\n ## Step 2. Trigger update or delete\\n Click the update or delete button on the registered account.\\n \\n \\n ## Step 3. Confirm all user data is affected\\n Verify that the DELETE or UPDATE query was applied to all rows, not just the registered account.\\n For DELETE, all records across both tables are removed.\\n For UPDATE, all records are modified with the attacker-supplied values.\\n \\n \\u003cbr\\u003e\\n \\n # Mitigation\\n – Remove the `InlineIdsOrClauseBulkIdStrategy` setting from `application.yml`\\n – If `InlineIdsOrClauseBulkIdStrategy` must be used, apply strict **whitelist-based input validation** on any user-supplied primary key values to reject SQL control characters\\n \\n \\u003cbr\\u003e\\n \\n # Analysis\\n – KR: https:\/\/www.skshieldus.com\/security-insights\/reports\/eqst-orm-injection-explained\\n – EN:”,”sourceHref”:”https:\/\/packetstorm.news\/download\/220500″,”cvss”:{“score”:8.3,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:L”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/220500\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-05-06T16:46:31″,”description”:”Hibernate ORM versions 5.6.15 and below suffer from a remote SQL injection vulnerability…”,”published”:”2026-05-06T00:00:00″,”modified”:”2026-05-06T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Hibernate ORM 5.6.15 SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:220500″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-0603″],”sourceData”:”# CVE-2026-0603 Hibernate ORM Injection \/ Second-Order SQL…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,99,12,15,13,53,7,11,5],"class_list":["post-51753","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-83","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Hibernate ORM 5.6.15 SQL Injection_PACKETSTORM:220500 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=51753\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Hibernate ORM 5.6.15 SQL Injection_PACKETSTORM:220500 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-05-06T16:46:31″,”description”:”Hibernate ORM versions 5.6.15 and below suffer from a remote SQL injection vulnerability…”,”published”:”2026-05-06T00:00:00″,”modified”:”2026-05-06T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Hibernate ORM 5.6.15 SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:220500″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-0603″],”sourceData”:”# CVE-2026-0603 Hibernate ORM Injection \/ Second-Order SQL...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=51753\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-06T12:51:21+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=51753#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=51753\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Hibernate ORM 5.6.15 SQL Injection_PACKETSTORM:220500\",\"datePublished\":\"2026-05-06T12:51:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=51753\"},\"wordCount\":498,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-8.3\",\"exploit\",\"HIGH\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=51753#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=51753\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=51753\",\"name\":\"\ud83d\udcc4 Hibernate ORM 5.6.15 SQL Injection_PACKETSTORM:220500 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-05-06T12:51:21+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=51753#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=51753\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=51753#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Hibernate ORM 5.6.15 SQL Injection_PACKETSTORM:220500\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Hibernate ORM 5.6.15 SQL Injection_PACKETSTORM:220500 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=51753","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Hibernate ORM 5.6.15 SQL Injection_PACKETSTORM:220500 - zero redgem","og_description":"{“lastseen”:”2026-05-06T16:46:31″,”description”:”Hibernate ORM versions 5.6.15 and below suffer from a remote SQL injection vulnerability…”,”published”:”2026-05-06T00:00:00″,”modified”:”2026-05-06T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Hibernate ORM 5.6.15 SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:220500″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-0603″],”sourceData”:”# CVE-2026-0603 Hibernate ORM Injection \/ Second-Order SQL...","og_url":"https:\/\/zero.redgem.net\/?p=51753","og_site_name":"zero redgem","article_published_time":"2026-05-06T12:51:21+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=51753#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=51753"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Hibernate ORM 5.6.15 SQL Injection_PACKETSTORM:220500","datePublished":"2026-05-06T12:51:21+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=51753"},"wordCount":498,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-8.3","exploit","HIGH","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=51753#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=51753","url":"https:\/\/zero.redgem.net\/?p=51753","name":"\ud83d\udcc4 Hibernate ORM 5.6.15 SQL Injection_PACKETSTORM:220500 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-05-06T12:51:21+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=51753#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=51753"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=51753#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Hibernate ORM 5.6.15 SQL Injection_PACKETSTORM:220500"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/51753","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=51753"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/51753\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=51753"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=51753"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=51753"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}