8 matches found

OSV
added 2024/03/06 10:55 a.m. · 26 views

BIT-DJANGO-2020-7471

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...

CVSS 9.8 · AI score 8.7 · EPSS 0.1537
Exploits 9 · References 13
GithubExploit
added 2021/06/03 11:21 a.m. · 205 views

Exploit for SQL Injection in Djangoproject Django

CVE-2020-7471-PoC Django PoC for the SQL injection vulnerabi...

CVSS 9.8 · AI score 9.9 · EPSS 0.1537
Exploits 9
NVD
added 2021/02/22 3:15 a.m. · 12 views

CVE-2020-35681

Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channe...

CVSS 7.4 · EPSS 0.008
Exploits 1 · References 3
Prion
added 2021/02/22 3:15 a.m. · 23 views

Design/Logic Flaw

Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channe...

CVSS 5.8 · AI score 7.2 · EPSS 0.008
Exploits 1 · References 3 · Affected Software 1
Exploit DB
added 2020/04/08 12:0 a.m. · 403 views

Django 3.0 - Cross-Site Request Forgery Token Bypass

Exploit Title: Django 3.0 - Cross-Site Request Forgery Token Bypass Date: 2020-04-08 Exploit Author: Spad Security Group Vendor Homepage: https://www.djangoproject.com/ Software Link: https://pypi.org/project/Django/ Version: 3.0 = Tested on: windows 10 Language: python3.8 t.me/SpadSec Spad...

AI score 7.4
Exploits 0
0day.today
added 2020/04/08 12:0 a.m. · 29 views

Django 3.0 - Cross-Site Request Forgery Token Bypass Exploit

Exploit for php platform in category web applications Exploit Title: Django 3.0 - Cross-Site Request Forgery Token Bypass Exploit Author: Spad Security Group Vendor Homepage: https://www.djangoproject.com/ Software Link: https://pypi.org/project/Django/ Version: 3.0 = Tested on: windows 10...

AI score 0.3
Exploits 0
PyPA
added 2020/03/05 3:15 p.m. · 2 views

PYSEC-2020-345

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escapi...

CVSS 8.8 · AI score 6.9 · EPSS 0.84644
Exploits 0 · References 10 · Affected Software 1
Positive Technologies
added 2020/03/04 12:0 a.m. · 5 views

PT-2020-5130 · Django Software Foundation +2 · Django +2

Name of the Vulnerable Software and Affected Versions: Django versions 1.11 before 1.11.29 Django versions 2.2 before 2.2.11 Django versions 3.0 before 3.0.4 Description: The issue allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. B...

CVSS 9.8 · AI score 7.4 · EPSS 0.9295
Exploits 55 · References 269