CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.019 Low
Percentile: 87.2%

When using a MySQL database, Django does not perform explicit conversion of the following fields:

* FilePathField
* GenericIPAddressField
* IPAddressField

If a query is performed without first converting values to the appropriate type, this can produce unexpected results, similar to what would occur if the query itself had been manipulated. An attacker can possibly use this issue to obtain unexpected results.

CPE Name | Operator | Version
---|---|---
pypi/django | ge | 1.4
pypi/django | lt | 1.4.11
pypi/django | ge | 1.5
pypi/django | lt | 1.5.6
pypi/django | ge | 1.6
pypi/django | lt | 1.6.3