6 matches found
📄 Django 5.1.13 SQL Injection
Django version 5.1.13 suffers from a remote SQL injection vulnerability. Exploit Title: Django 5.1.13 - SQL Injection Google Dork: none Not applicable for this vulnerability Date: 2025-12-03 Exploit Author: Wafcontrol Security Team Vendor Homepage: https://www.djangoproject.com/ Software Link:...
Django 5.1.13 - SQL Injection
Exploit Title: Django 5.1.13 - SQL Injection Google Dork: none Not applicable for this vulnerability Date: 2025-12-03 Exploit Author: Wafcontrol Security Team Vendor Homepage: https://www.djangoproject.com/ Software Link: https://www.djangoproject.com/download/ Version: 5.2 before 5.2.8, 5.1 befo...
SQL Injection
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to SQL Injection via the connector argument in the QuerySet.filter, QuerySet.exclude, QuerySet.get, and Q objects. A dictionary usin...
CVE-2025-64459
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...
CVE-2023-1419 Debezium: script injection via connector parameter
A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data...
CVE-2023-1419
The CVE-2023-1419 issue concerns the Debezium database connector and a script injection vulnerability caused by improper sanitization of certain parameters. The public descriptions across multiple sources state that an attacker can send a malicious request to inject a parameter, potentially leadi...