25 matches found
EUVD-2020-0071
Malware in sbrugna...
BIT-DJANGO-2020-7471
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...
SUSE CVE-2020-7471
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...
Exploit for SQL Injection in Djangoproject Django
CVE-2020-7471 这个仓库提供 CVE-2020-7471 Potential SQL injection via StringAggdelimiter 漏洞的环境和 POC 受影响的 django 版本 - 1.11 到 1.11.28(不含) - 2.2 到 2.2.10(不含) - 3.0 到 3.0.3(不含) 下载使用前需要如下操作: 1. 安装 django 漏洞版本,我测试用的是 python pip install django==3.0.2 -i https://pypi.tuna.tsinghua.edu.cn/simple 2. 参考...
Exploit for SQL Injection in Djangoproject Django
CVE-2020-7471 这个仓库提供 CVE-2020-7471 Potential SQL injection via StringAggdelimiter 漏洞的环境和 POC 受影响的 django 版本 - 1.11 到 1.11.28(不含) - 2.2 到 2.2.10(不含) - 3.0 到 3.0.3(不含) 下载使用前需要如下操作: 1. 安装 django 漏洞版本,我测试用的是 python pip install django==3.0.2 -i https://pypi.tuna.tsinghua.edu.cn/simple 2. 参考...
Exploit for SQL Injection in Djangoproject Django
CVE-2020-7471-PoC Django PoC for the SQL injection vulnerabi...
Exploit for SQL Injection in Djangoproject Django
DOBBYISFREE! - 출제된 CTF: 2020 Christmas CTFhttps://dreamh...
Exploit for SQL Injection in Djangoproject Django
CVE-2020-7471 这个仓库提供 CVE-2020-7471 Potential SQL injection via StringAggdelimiter 漏洞的环境和 POC 受影响的 django 版本 - 1.11 到 1.11.28(不含) - 2.2 到 2.2.10(不含) - 3.0 到 3.0.3(不含) 下载使用前需要如下操作: 1. 安装 django 漏洞版本,我测试用的是 python pip install django==3.0.2 -i https://pypi.tuna.tsinghua.edu.cn/simple 2. 参考...
Exploit for SQL Injection in Djangoproject Django
CVE-2020-7471 This repository provides environments and P...
GHSA-HMR4-M2H5-33QX SQL injection in Django
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...
SQL injection in Django
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...
CVE-2020-7471
A flaw was found in Django, where it may allow SQL injection if improperly sanitized data is used as a StringAgg delimiter. If a suitably crafted delimiter is passed to a 'contrib.postgres.aggregates.StringAgg' instance, it is possible to break escaping and inject malicious SQL. An attacker could...
FreeBSD : Django -- potential SQL injection vulnerability (5a45649a-4777-11ea-bdec-08002728f74c)
MITRE CVE reports : Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitab...
SQL Injection
django is vulnerable to SQL injection. The vulnerability exists through the unsanitized value of the user-specified column delimiter in contrib.postgres.aggregates.StringAgg...
ALPINE-CVE-2020-7471
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...
PYSEC-2020-35
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...
PYSEC-2020-35
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...
CVE-2020-7471
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...
CVE-2020-7471
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...
CVE-2020-7471
CVE-2020-7471 affects Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3. The issue is a SQL injection via untrusted data used as a StringAgg delimiter in contrib.postgres.aggregates.StringAgg, which can break escaping and inject SQL. Affected releases include Django’s PostgreSQL...