An attacker leverages a weakness present in the database access layer code
						generated with an Object Relational Mapping (ORM) tool or a weakness in the
						way that a developer used a persistence framework to inject his or her own
						SQL commands to be executed against the underlying database. The attack here
						is similar to plain SQL injection, except that the application does not use
						JDBC to directly talk to the database, but instead it uses a data access
						layer generated by an ORM tool or framework (e.g. Hibernate). While most of
						the time code generated by an ORM tool contains safe access methods that are
						immune to SQL injection, sometimes either due to some weakness in the
						generated code or due to the fact that the developer failed to use the
						generated access methods properly, SQL injection is still possible.