Django RasterField - SQL Injection

Django 6.0.2, 5.2.11, and 4.2.28 contains a SQL injection caused by improper sanitization of the band index parameter in RasterField on PostGIS, letting remote attackers inject SQL, exploit requires crafted input. id: CVE-2026-1207 info: name: Django RasterField - SQL Injection author: omarkurt...

Exploit for SQL Injection in Djangoproject Django

CVE-2026-1207: Django GIS RasterField SQL Injection Vulnerabil...

Fedora: Security Advisory (FEDORA-2026-3adb735295)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-1207 vulnerabilities

Vulnerabilities for packages: authentik, authentik-fips, awx, label-studio...

Python Library Django 4.2.x < 4.2.28 / 5.2.x < 5.2.11 / 6.0.x < 6.0.2 Multiple Vulnerabilities

The detected version of the Django Python package, Django, is 4.2.x prior to 4.2.28, 5.2.x prior to 5.2.11, or 6.0.x prior to 6.0.2. It is, therefore, affected by multiple vulnerabilities as referenced by security release advisory: - The django.contrib.auth.handlers.modwsgi.checkpassword function...

CVE-2026-1207

creationtimestamp| type| source ---|---|--- 2026-02-03 15:53:03+00:00| seen| https://seclists.org/oss-sec/2026/q1/141 2026-02-03 17:16:15+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mdxugave7y2b 2026-02-05 11:14:02+00:00| confirmed|...

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2026-1207 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2026-1207 Source advisory: SNYK:PYTHON-DJANGO-15183335...

aa-charlink (>=0.1.1 <=1.0.0), aa-drifters (=0.1.0a0) +508 more potentially affected by CVE-2026-1207 via django (>=4.0.0 <=4.2.27)

django PYPI version =4.0.0, =0.1.1, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =0.1.0, =0.0.3, =4.0.9.0, =65.10.0, =65.10.3 and more Source cves: CVE-2026-1207 Source advisory: SNYK:PYTHON-DJANGO-15183335...

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +21 more potentially affected by CVE-2026-1207 via django (>=5.2.0 <=5.2.10)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =5.2.0, =1.0.0, =1.0.1 and more Source cves: CVE-2026-1207 Source advisory: OSV:GHSA-MWM9-4648-F68Q...

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +114 more potentially affected by CVE-2026-1207 via django (>=4.2.0 <=4.2.27)

django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2026-1207 Source advisory: OSV:GHSA-MWM9-4648-F68Q...

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +114 more potentially affected by CVE-2026-1207 via django (>=4.2.0 <=4.2.27)

django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2026-1207 Source advisory: OSV:PYSEC-2026-44...

DEBIAN-CVE-2026-1207

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField only implemented on PostGIS allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluate...

CVE-2026-1207

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField only implemented on PostGIS allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluate...

CVE-2026-1207

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField only implemented on PostGIS allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluate...

UBUNTU-CVE-2026-1207

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField only implemented on PostGIS allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluate...

Linux Distros Unpatched Vulnerability : CVE-2026-1207

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField only implemented on PostGIS allows remote...

MiracleLinux 3 : firefox-3.6.7-3.0.1.AXS3, xulrunner-1.9.2.7-3.0.1.AXS3 (AXSA:2010-391:05)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-391:05 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. XULRunner provides the XUL Runtime...

CVE-2025-1207

A vulnerability was found in phjounin TFTPD64 4.64. It has been declared as problematic. This vulnerability affects unknown code of the component DNS Handler. The manipulation leads to denial of service. The attack needs to be done within the local network. The complexity of an attack is rather...

CVE-2020-1207

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1247, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310...

CVE-2011-1207

The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a...