漏洞描述
Django1.11.29之前的1.11.x版本、2.2.11之前的2.2.x版本和3.0.4之前的3.0.x版本中存在SQL注入漏洞。攻击者可借助特制的SQL语句利用该漏洞查看、添加、修改或删除数据库中的信息。
Django至1.10.28/2.2.10/3.0.3 tolerance sql注入漏洞(CVE-2020-9402)
PoC代码
暂无相关漏洞推荐
-
django-debug-enabled: Django Debug mode enabled POC
2025-09-01 | Django DebugFOFA: body="because you have <code>DEBUG = True</code>" -
CVE-2022-34265: Django - SQL injection POC
2025-08-01 | DjangoAn issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() ... -
CVE-2017-12794: Django Debug Page - Cross-Site Scripting POC
2025-08-01 | DjangoDjango 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of ... -
CVE-2020-10199: Nexus Repository before 3.21.2 allows JavaEL Injection POC
2025-09-01 | Nexus Repository漏洞触发需要任意账户权限 body="Nexus Repository Manager" app="Nexus-Repository-Manager" -
CVE-2020-11455: LimeSurvey 4.1.11 - Path Traversal POC
2025-09-01 | LimeSurveyLimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/a...