Django: SQL injection in QuerySet.annotate(),aggregate() and extra()
A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely...