When we use an ORM and the app is built with a REST API, with the backend and the client separated, is there still a possibility that SQL injection can happen? I didn't search, the question just came to me directly hahaha
Thanks for the question! I guess what we forget about ORMs is that just because you don't compose SQL, it doesn't mean it's not composed. ORMs are also a piece of software which can contain bugs; in fact, `sequelize` was subject to SQLi despite being an ORM package. You can find the CVE online.
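
What "composed for you" can look like, as an added example that is not part of the original reply, not `sequelize`'s code and not a reproduction of its CVE: a toy query builder that binds values as parameters but pastes the sort column into the SQL text, next to a version that allowlists identifiers. All function names, the schema and the request values are hypothetical and constructed for illustration.

```javascript
// Toy query builder (hypothetical): it stands in for the SQL composition
// an ORM performs on the caller's behalf.
const COLUMNS = new Set(["id", "name", "created_at"]); // constructed schema

// Values become bound parameters, but the sort column is interpolated
// straight into the SQL text.
function findUsersUnsafe({ name, sortBy }) {
  return {
    sql: `SELECT id, name FROM users WHERE name = ? ORDER BY ${sortBy}`,
    params: [name],
  };
}

// Same query; the identifier is checked against an allowlist, then quoted.
function findUsersSafe({ name, sortBy = "id" }) {
  if (!COLUMNS.has(sortBy)) {
    throw new RangeError(`unsupported sort column: ${JSON.stringify(sortBy)}`);
  }
  return {
    sql: `SELECT id, name FROM users WHERE name = ? ORDER BY "${sortBy}"`,
    params: [name],
  };
}

// Constructed query parameters, as a REST backend would receive them
// from a separate client.
const benign = { name: "amina", sortBy: "created_at" };
const hostile = { name: "x' OR '1'='1", sortBy: "id; DROP TABLE users" };

// Builds both variants for each request and reports the resulting SQL text.
function demo() {
  return [benign, hostile].map((q) => {
    let safe;
    try {
      safe = findUsersSafe(q).sql;
    } catch (e) {
      safe = `rejected (${e.message})`;
    }
    return { unsafe: findUsersUnsafe(q).sql, safe };
  });
}

console.log(demo());
```

The hostile `name` never reaches the SQL text in either version because it travels as a bound parameter; only the interpolated identifier does, which is why the client/backend split alone changes nothing.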