CVE-2021-30459
Description
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.434
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2021-30459 is fixed in Python-django-debug-toolbar 1.11.1 | Windows |
| CVE-2021-30459 is fixed in Python-django-debug-toolbar 2.2.1 | Windows |
| CVE-2021-30459 is fixed in Python-django-debug-toolbar 3.2.1 | Windows |
| CVE-2021-30459 is fixed in Python-django-debug-toolbar for linux 1.11.1 | Linux |
| CVE-2021-30459 is fixed in Python-django-debug-toolbar for linux 2.2.1 | Linux |
| CVE-2021-30459 is fixed in Python-django-debug-toolbar for linux 3.2.1 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234