CVE-2026-1207
PUBLISHED
Potential SQL injection via raster lookups on PostGIS
Risk Scores
EPSS Score: 6.57% (91.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | django | 6.0.0, 6.0.0, 4.2.0 |
| Bitnami | django | 6.0.0, 5.2.0, 4.2.0 |
Exploit Intelligence
- (crowdsec)
- CIRCL published-proof-of-concept: CVE-2026-1207 (circl-sighting)
- When the Django framework queries geographic raster data through PostGIS, passing unvalidated user input directly as the band index parameter results in SQL injection (github-poc-repo)
…and 115 more exploits
Timeline
- Dec 26, 2022 CrowdSec Sighting
- Feb 7, 2023 CrowdSec Sighting
- Apr 5, 2023 CrowdSec Sighting
- May 31, 2023 CrowdSec Sighting
- May 1, 2024 CrowdSec Sighting
- May 21, 2024 CrowdSec Sighting
- May 30, 2024 CrowdSec Sighting
- Jan 25, 2025 CrowdSec Sighting
- Aug 7, 2025 CrowdSec Sighting
- Sep 3, 2025 CrowdSec Sighting
- Oct 2, 2025 CrowdSec Sighting
- Jan 7, 2026 CrowdSec Sighting