CNNVD-202602-385 Information
CNNVD ID
CNNVD-202602-385
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
Django是Django基金会的一套基于Python语言的开源Web应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。 Django 6.0.2之前版本、5.2.11之前版本和4.2.28之前版本存在安全漏洞,该漏洞源于RasterField上的栅格查找允许远程攻击者通过波段索引参数注入SQL,可能导致SQL注入攻击。
Description (English)
Django is an open-source Web application framework based on the Python language of the Django Foundation. The framework includes object-oriented maprs, view systems, templates, etc. Prior to Django 6.2, before 5.2.11 and before 4.2.28, there was a security loophole, which stemmed from a grid search on Rasterfield that allowed long-range attackers to inject SQL through band index parameters, which could lead to an SQL injection attack.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Django
Published
2026-02-03
Last Modified
2026-02-24
References
https://docs.djangoproject.com/en/dev/releases/security/ https://groups.google.com/g/django-announce https://www.djangoproject.com/weblog/2026/feb/03/security-releases/ https://access.redhat.com/security/cve/cve-2026-1207
Patch
https://docs.djangoproject.com/en/dev/releases/security/
Share on: