Severity: High | Status: resolved
Potential SQL Injection when annotating FilteredRelation on PostgreSQL
Bug reported by Stackered, disclosed on December 2, 2025, 3:28 pm | SQL Injection
A potential SQL injection vulnerability was discovered in Django's annotation of FilteredRelation on PostgreSQL. The root cause was an incomplete regular expression in FORBIDDEN_ALIAS_PATTERN, the denylist Django uses to validate column alias names, which let user-controlled alias names pass the check and be inserted into the query as raw SQL text, potentially enabling the execution of malicious SQL queries. The vulnerability was reported to the Django security team.
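As an added example (not code from this page or from Django), the following Python shows the application-side mitigation a practitioner would want alongside the vendor patch: validate column alias names against an allowlist of plain identifiers before expanding a user-influenced dict into annotate(), alias() or FilteredRelation. The denylist regex, the helper names and the sample alias names are constructed for illustration; the denylist does not reproduce Django's FORBIDDEN_ALIAS_PATTERN, it only shows why a denylist is the harder shape to keep complete.

```python
import re

# Allowlist: a column alias is accepted only if it is a plain ASCII identifier.
# There is no list of forbidden characters to keep complete: anything outside
# the allowed set is rejected, which is the property a denylist cannot give.
SAFE_ALIAS_RE = re.compile(r"\A[A-Za-z_][A-Za-z0-9_]*\Z")

# Constructed denylist in the general shape of an alias filter (NOT Django's
# FORBIDDEN_ALIAS_PATTERN, whose exact contents are not reproduced here): it
# rejects quotes, brackets, semicolons, whitespace and SQL comment markers.
ILLUSTRATIVE_DENYLIST_RE = re.compile(r"['\"`\[\];\s]|--|/\*|\*/")


def is_safe_alias(alias) -> bool:
    """True only if alias is a string that is a plain ASCII identifier."""
    return isinstance(alias, str) and SAFE_ALIAS_RE.match(alias) is not None


def passes_denylist(alias) -> bool:
    """True if the illustrative denylist finds nothing to object to."""
    return isinstance(alias, str) and ILLUSTRATIVE_DENYLIST_RE.search(alias) is None


def validate_alias_kwargs(alias_kwargs: dict) -> dict:
    """Check every key of a dict that is about to be expanded as **kwargs into
    annotate()/alias()/FilteredRelation and return a copy; raise ValueError on
    the first key that is not a plain identifier. (Hypothetical helper.)"""
    for alias in alias_kwargs:
        if not is_safe_alias(alias):
            raise ValueError(f"rejected alias name: {alias!r}")
    return dict(alias_kwargs)


def compare(aliases):
    """Map each alias to (denylist verdict, allowlist verdict) so the gap
    between the two approaches is visible on the same inputs."""
    return {a: (passes_denylist(a), is_safe_alias(a)) for a in aliases}


if __name__ == "__main__":
    # Constructed sample alias names, including ones a simple denylist does
    # not object to but that are still not plain identifiers.
    samples = ["total_2024", "_tmp", "9lives", "total amount", "x; y",
               "col)", "col.name", "caf\u00e9"]
    for name, (deny_ok, allow_ok) in compare(samples).items():
        print(f"{name!r:16} denylist passes={deny_ok!s:5} allowlist passes={allow_ok}")
    try:
        validate_alias_kwargs({"total_2024": object(), "col)": object()})
    except ValueError as exc:
        print("blocked:", exc)
```

The allowlist is deliberately stricter than what PostgreSQL itself accepts as an identifier; an application rarely needs alias names beyond ASCII identifiers, and rejecting everything else means the check does not have to track every character a database might treat specially. This is defense in depth on the application side and does not replace upgrading to a Django release that fixes the pattern.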

