CVE-2021-30459
Published Apr 14, 2021
Last updated 4 years ago
Overview
- Description
- A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-89
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jazzband:django_debug_toolbar:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9155971C-2E44-4DBF-8AAA-B08687454051",
"versionEndExcluding": "1.11.1",
"versionStartIncluding": "0.10.0"
},
{
"criteria": "cpe:2.3:a:jazzband:django_debug_toolbar:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C582D6A7-0A92-4C7F-9392-FBBA302AAADC",
"versionEndExcluding": "2.2.1",
"versionStartIncluding": "2.0.0"
},
{
"criteria": "cpe:2.3:a:jazzband:django_debug_toolbar:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F28FC87E-8A6E-44E0-8E93-9A498B18F2E0",
"versionEndExcluding": "3.2.1",
"versionStartIncluding": "3.0.0"
}
],
"operator": "OR"
}
]
}
]