GitHub - secoba/DjVul_StringAgg: Django StringAgg SQL Injection (CVE-2020-7471)

Django CVE-2020-7471 SQLi

CVE-2020-7471: Potential SQL injection via StringAgg(delimiter) django.contrib.postgres.aggregates.StringAgg aggregation function was subject to SQL injection, using a suitably crafted delimiter.

RUN

python manage.py makemigrations

python manage.py migrate

python manage.py runserver

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commits
DjVul_StringAgg		DjVul_StringAgg
app		app
.gitignore		.gitignore
README.md		README.md
manage.py		manage.py
postgre-docker-compose.yml		postgre-docker-compose.yml
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DjVul_StringAgg

DjVul_StringAgg

app

app

.gitignore

.gitignore

README.md

README.md

manage.py

manage.py

postgre-docker-compose.yml

postgre-docker-compose.yml

requirements.txt

requirements.txt

Repository files navigation

Django CVE-2020-7471 SQLi

RUN

参考

About

Releases

Packages

Languages

secoba/DjVul_StringAgg

Folders and files

Latest commit

History

Repository files navigation

Django CVE-2020-7471 SQLi

RUN

参考

About

Resources

Stars

Watchers

Forks

Languages