Here's the page we think you wanted. See search results instead:

Toggle Menu

Chat Live

Confirm Your Country or Area

Please Confirm

Confirm your country to access relevant pricing, special offers, events, and contact information.

What are you looking for?

MXG Signal Generator UXA Signal Analyzer UXM for Wi-Fi 7 PXA Signal Analyzer Find a solution Get technical support Take a class Find us at events Premium used equipment KeysightCare Buy online

No product matches found - System Exception

Django Trunc and Extract SQL Injection

Strike ID:

E22-ekyh1

CVSS:

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

False Positive:

Variants:

Year:

2022

Description

This strike exploits two SQL injection vulnerability in Django. The vulnerabilities are due to insufficient sanitization of user input to kind and lookup_name parameter passed to database functions Trunc and Extract respectively. A remote attacker can exploit the vulnerabilities by sending a crafted request to the target server. Successful exploitation could result in execution of arbitrary SQL statements. *NOTE: When running this strike in OneArm mode, it sends a malicious request to the target Django webapp, and creates a new table in the database.

CVE

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34265

References

https://github.com/aeyesec/CVE-2022-34265

Welcome

What are you looking for?

Django Trunc and Extract SQL Injection

Description

CVE

References