Russian Vulnerability Scanner Database

Back to List

CVE-2022-34265

Scores

EPSS

0.928high92.8%
0%20%40%60%80%100%

Percentile: 92.8%

CVSS

9.8critical3.x
0246810

CVSS Score: 9.8/10

All CVSS Scores

CVSS 3.x
9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

astradebiannvdredhatubuntu

CWEs

CWE-89

Related Vulnerabilities

BDU:2022-04199

Exploits

Exploit ID: CVE-2022-34265

Source: github-poc

URL: https://github.com/lnwza0x0a/CTF_Django_CVE-2022-34265

Vulnerable Software (17)

Type: Configuration

Product: python-django

Operating System: ubuntu bionic 18.04

Trait: 
{  "fixed": "1:1.11.11-1ubuntu1.18"}

Source: ubuntu

Type: Configuration

Product: python-django

Operating System: ubuntu focal 20.04

Trait: 
{  "fixed": "2:2.2.12-1ubuntu0.12"}

Source: ubuntu

Type: Configuration

Product: python-django

Operating System: ubuntu impish 21.10

Trait: 
{  "fixed": "2:2.2.24-1ubuntu1.5"}

Source: ubuntu

Type: Configuration

Product: python-django

Operating System: ubuntu jammy 22.04

Trait: 
{  "fixed": "2:3.2.12-2ubuntu1.1"}

Source: ubuntu

Type: Configuration

Product: python-django

Operating System: debian

Trait: 
{  "fixed": "2:4.0.6-1"}

Source: debian

Type: Configuration

Product: python-django

Operating System: astra 1.7.3.10

Trait: 
{  "unaffected": true}

Source: astra

Type: Configuration

Product: python-django

Operating System: astra 4.7.3.8

Trait: 
{  "unaffected": true}

Source: astra

Type: Configuration

Product: python-django

Operating System: rhel

Trait: 
{  "fixed": "3.2.14-2.el8pc"}

Source: redhat

Type: Configuration

Product: python-django

Operating System: rhel

Trait: 
{  "fixed": "3.2.14-2.el8pc"}

Source: redhat

Type: Configuration

Product: python-django

Operating System: rhel

Trait: 
{  "fixed": "3.2.14-3.el8ui"}

Source: redhat

Type: Configuration

Product: python3-module-django

Operating System: altlinux

Trait: 
{  "fixed": "0:3.2.15-alt1"}

Source: redhat

Type: Configuration

Product: python3-module-django-dbbackend-mysql

Operating System: altlinux

Trait: 
{  "fixed": "0:3.2.15-alt1"}

Source: redhat

Type: Configuration

Product: python3-module-django-dbbackend-oracle

Operating System: altlinux

Trait: 
{  "fixed": "0:3.2.15-alt1"}

Source: redhat

Type: Configuration

Product: python3-module-django-dbbackend-postgresql

Operating System: altlinux

Trait: 
{  "fixed": "0:3.2.15-alt1"}

Source: redhat

Type: Configuration

Product: python3-module-django-dbbackend-sqlite3

Operating System: altlinux

Trait: 
{  "fixed": "0:3.2.15-alt1"}

Source: redhat

Type: Configuration

Product: python3-module-django-doc

Operating System: altlinux

Trait: 
{  "fixed": "0:3.2.15-alt1"}

Source: redhat

Type: Configuration

Vendor: *

Product: django

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",      "versionEndExcluding": "3.2.14",      "versionStartIncluding": "3.2",      "vulnerable": true    }...

Source: nvd

End of list