Threat Encyclopedia



This indicates an attack attempt to exploit an SQL Injection Vulnerability in Python-django.
The vulnerability is due to incorrect input validation in QuerySet.order_by. A remote, authenticated attacker could exploit this vulnerability by sending a maliciously crafted request to the server. A successful attack may result in arbitrary SQL command execution against the database on the target server.

affected-products-logoAffected Products

Django 3.1.x before 3.1.13
Django 3.2.x before 3.2.5


System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.

CVE References