CNNVD-202509-236 Information
CNNVD ID
CNNVD-202509-236
Related CVE
- CNNVD Published: 2025-09-03
Description (Chinese)
Django是Django基金会的一套基于Python语言的开源Web应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。 Django 4.2.24之前版本、5.1.12之前版本和5.2.6之前版本存在SQL注入漏洞,该漏洞源于FilteredRelation在列别名中受到SQL注入的影响。
Description (English)
Django is an open-source Web application framework based on the Python language of the Django Foundation. The framework includes object-oriented maprs, view systems, templates, etc. Django 4.2.24, 5.1.12 and 5.2.6 have a SQL injection loophole, which stems from the fact that FilteredRelationy was affected by SQL injection in aliases.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
Django
Published
2025-09-03
Last Modified
2026-02-24
References
https://docs.djangoproject.com/en/dev/releases/security/ https://www.djangoproject.com/weblog/2025/sep/03/security-releases/ https://groups.google.com/g/django-announce https://vigilance.fr/vulnerability/Django-SQL-injection-via-FilteredRelation-Column-Aliases-48130
Patch
https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
Share on: