CVE-2022-34265 — Vulnetix

CVE-2022-34265 PUBLISHED

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.

EPSS 92.83% · 99.8th percentile

Risk Scores

EPSS Score

92.83%

99.8th percentile

Affected Products

Vendor	Product	Versions
Bitnami	django	4.0.0, 3.2.0
Bitnami	django	3.2.0, 4.0.0, 4.0.0

Exploit Intelligence

Analysis and replication of CVE-2022-23988 and CVE-2022-34265 (github-poc-repo)
Analysis and replication of CVE-2022-23988 and CVE-2022-34265 (github-poc-repo)
Analysis and replication of CVE-2022-23988 and CVE-2022-34265 (github-poc-repo)
Analysis and replication of CVE-2022-23988 and CVE-2022-34265 (github-poc-repo)
Analysis and replication of CVE-2022-23988 and CVE-2022-34265 (github-poc-repo)
Analysis and replication of CVE-2022-23988 and CVE-2022-34265 (github-poc-repo)
Analysis and replication of CVE-2022-23988 and CVE-2022-34265 (github-poc-repo)
Analysis and replication of CVE-2022-23988 and CVE-2022-34265 (github-poc-repo)
Analysis and replication of CVE-2022-23988 and CVE-2022-34265 (github-poc-repo)
Analysis and replication of CVE-2022-23988 and CVE-2022-34265 (github-poc-repo)

…and 40 more exploits

Timeline

Jul 4, 2022 CVE Published
Jul 5, 2022 EPSS Score
Jul 15, 2022 EPSS Score
Aug 19, 2022 EPSS Score
Oct 9, 2022 EPSS Score
Nov 25, 2022 EPSS Score
Feb 28, 2023 EPSS Score
Apr 16, 2023 EPSS Score
Jun 3, 2023 EPSS Score
Sep 5, 2023 EPSS Score
Dec 9, 2023 EPSS Score
Jan 26, 2024 EPSS Score

References

Open in Interactive Console →