CNNVD-202510-025 Information
CNNVD ID
CNNVD-202510-025
Related CVE
- CNNVD Published: 2025-10-01
Description (Chinese)
Django是Django基金会的一套基于Python语言的开源Web应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。 Django 4.2版本至4.2.25之前版本、5.1版本至5.1.13之前版本和5.2版本至5.2.7之前版本存在SQL注入漏洞,该漏洞源于使用特制字典作为参数传递时,列别名容易受到SQL注入攻击。
Description (English)
Django is an open-source Web application framework based on the Python language of the Django Foundation. The framework includes object-oriented maprs, view systems, templates, etc. The pre-django 4.2 to 4.2.25, pre-dr. 5.1 to 5.1.13 and pre-dr. 5.2 to 5.2.7 have an injection loophole in SQL, which stems from the fact that the aliases are vulnerable to SQL injection when using a special dictionary as a parameter.
Hazard Level
Low
Vulnerability Type
SQL注入
Affected Vendor
Django
Published
2025-10-01
Last Modified
2026-02-24
References
https://docs.djangoproject.com/en/dev/releases/security/ https://groups.google.com/g/django-announce https://www.djangoproject.com/weblog/2025/oct/01/security-releases/ https://vigilance.fr/vulnerability/Django-SQL-injection-via-Four-Functions-48370
Patch
https://www.djangoproject.com/
Share on: