3 matches found
EUVD-2026-17855
Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint...
CVE-2024-43144
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15...
GHSA-P64X-8RXX-WF6Q Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...