What is CVE-2022-34265?

CVE-2022-34265 is a vulnerability in N/a. Published 2022-07-04.

Is CVE-2022-34265 known to be exploited?

54 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-34265

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the look…

EPSS: 0.928 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

aeyesec/CVE-2022-34265
ZhaoQi99/CVE-2022-34265
traumatising/CVE-2022-34265
lnwza0x0a/CTF_Django_CVE-2022-34265
NaInSec/CVE-PoC-in-GitHub
OSCKOREA-WORKSHOP/NEXUS-Firewall
POC-2025/nuclei
SYRTI/POC_
SurfRid3r/Django_
TakutoYoshikai/TakutoYoshikai

References

groups.google.com/forum/
docs.djangoproject.com/en/4.0/releases/security/
www.djangoproject.com/weblog/2022/jul/04/security-releases/
security.netapp.com/advisory/ntap-20220818-0006/
DSA-5254 (vendor-advisory)
FEDORA-2023-8fed428c5e (vendor-advisory)
FEDORA-2023-a53ab7c969 (vendor-advisory)

Frequently asked questions

What is CVE-2022-34265?: CVE-2022-34265 is a vulnerability in N/a. Published 2022-07-04.
Is CVE-2022-34265 known to be exploited?: 54 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.