SQL Injection

🗓️ 05 Jul 2021 06:16:04Reported by Veracode Vulnerability DatabaseType

Django is vulnerable to SQL injection through QuerySet.order_by method injection.

Reporter	Title	Published	Views	Family All 92
ALT Linux	Security fix for the ALT Linux 10 package python3-module-django version 3.2.6-alt1	10 Sep 202100:00	–	altlinux
GithubExploit	Exploit for SQL Injection in Djangoproject Django	24 Sep 202115:30	–	githubexploit
AlpineLinux	CVE-2021-35042	2 Jul 202109:54	–	alpinelinux
ArchLinux	[ASA-202107-11] python-django: insufficient validation	3 Jul 202100:00	–	archlinux
Circl	CVE-2021-35042	11 Jul 202113:57	–	circl
CNNVD	Django SQL注入漏洞	1 Jul 202100:00	–	cnnvd
CNVD	Django SQL Injection Vulnerability (CNVD-2021-49046)	2 Jul 202100:00	–	cnvd
CVE	CVE-2021-35042	2 Jul 202109:54	–	cve
Cvelist	CVE-2021-35042	2 Jul 202109:54	–	cvelist
Debian CVE	CVE-2021-35042	2 Jul 202109:54	–	debiancve

Vulners

Node

AND

AND

AND

py3-django py3-djangoMatch1.11.28-r0python

AND

py3-django py3-djangoMatch1.11.29-r0python

AND

AND

AND

AND

django_project djangoRange3.2a1–3.2.4python

django_project djangoRange3.1a1–3.1.12python

Source	Link
openwall	www.openwall.com/lists/oss-security/2021/07/02/2
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/SS6NJTBYWOX6J7G4U3LUOILARJKWPQ5Y/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SS6NJTBYWOX6J7G4U3LUOILARJKWPQ5Y/
docs	www.docs.djangoproject.com/en/3.2/releases/security/
groups	www.groups.google.com/forum/
groups	www.groups.google.com/forum/
security	www.security.netapp.com/advisory/ntap-20210805-0008/
djangoproject	www.djangoproject.com/weblog/2021/jul/01/security-releases/

07 Nov 2023 22:48Current

7.5High risk

Vulners AI Score7.5

CVSS 27.5

CVSS 3.19.8

EPSS0.909