Lucene search
+L

11 matches found

nessus
nessus
added 2026/05/09 12:0 a.m.9 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016788)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016788 advisory. An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing...

8.5CVSS7.3AI score0.00802EPSS
Exploits1References4
redhat
redhat
added 2026/05/07 5:9 p.m.10 views

Django: Django: SQL injection via crafted column aliases in QuerySet.order_by()

A flaw was found in Django. A remote attacker could exploit a SQL injection vulnerability in the .QuerySet.orderby method. This occurs when column aliases containing periods are used, and the same alias is also present in FilteredRelation via a specially crafted dictionary. Successful exploitatio...

8.5CVSS7.8AI score0.00802EPSS
Exploits1References7
redhat
redhat
added 2026/03/06 11:0 a.m.4 views

Django: Django: SQL injection via crafted column aliases in QuerySet.order_by()

A flaw was found in Django. A remote attacker could exploit a SQL injection vulnerability in the .QuerySet.orderby method. This occurs when column aliases containing periods are used, and the same alias is also present in FilteredRelation via a specially crafted dictionary. Successful exploitatio...

8.5CVSS6.4AI score0.00802EPSS
Exploits1References7
susecve
susecve
added 2026/02/05 12:27 a.m.8 views

SUSE CVE-2026-1312

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

8.1CVSS5.5AI score0.00802EPSS
Exploits1References4
snyk
snyk
added 2026/02/03 3:49 p.m.3 views

SQL Injection

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to SQL Injection via the QuerySet.orderby and FilteredRelation when column aliases containing periods are used with a crafted...

9.8CVSS6.2AI score0.00802EPSS
Exploits1References2
nvd
nvd
added 2026/02/03 3:16 p.m.6 views

CVE-2026-1312

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

8.5CVSS0.00802EPSS
Exploits1References15
euvd
euvd
added 2026/02/03 2:36 p.m.5 views

EUVD-2026-5236

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

5.4CVSS5.6AI score0.00802EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2026/02/03 2:36 p.m.9 views

CVE-2026-1312

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

8.5CVSS5.6AI score0.00802EPSS
Exploits1
ptsecurity
ptsecurity
added 2026/02/03 12:0 a.m.6 views

PT-2026-6038

Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.1 Django versions 5.2 through 5.2.10 Django versions 4.2 through 4.2.27 Django versions 5.0.x and earlier Django versions 4.1.x and earlier Django versions 3.2.x and earlier Description The .QuerySet.order by...

8.5CVSS5.6AI score0.00802EPSS
Exploits1References169
nessus
nessus
added 2026/02/03 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-1312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containin...

8.5CVSS6.1AI score0.00802EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/02/03 12:0 a.m.5 views

PT-2026-6375

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.order by is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

9.3CVSS5.7AI score0.00802EPSS
Exploits1References8
Rows per page
Query Builder