{"vulnerability": "CVE-2022-28346", "sightings": [{"uuid": "85ca5537-d349-453f-aac5-3b8c7fb1939b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28346", "type": "published-proof-of-concept", "source": "https://t.me/ShlezySec_Channel/30", "content": "CVE-2022-28346:\nDjango QuerySet.annotate(), aggregate(), extra() SQL\nhttps://github.com/DeEpinGh0st/CVE-2022-28346\n\nBypassing LDAP Channel Binding with StartTLS\nhttps://offsec.almond.consulting/bypassing-ldap-channel-binding-with-starttls.html", "creation_timestamp": "2022-04-29T07:55:52.000000Z"}, {"uuid": "3c735052-f8ad-41b3-96ce-9861d2358a17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28346", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2189", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aAn improved Proof of Concept for CVE-2022-1388 w/ Interactive Shell.        No reverse tcp required!\nURL\uff1ahttps://github.com/ahsentekdemir/CVE-2022-28346\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-05-15T00:26:32.000000Z"}, {"uuid": "2079e952-1027-43d2-9f45-f42d32e7272a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28346", "type": "published-proof-of-concept", "source": "Telegram/S7UYTiMfexdXb-A0qlUDhTcfhw0DNHJcz-TH3evrmkbe4A", "content": "", "creation_timestamp": "2022-04-29T10:57:59.000000Z"}, {"uuid": "778d459c-67ef-45fb-a4bf-14c0172c5ba9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28346", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/498", "content": "\u200bCVE-2022-28346\n\nDjango QuerySet.annotate(), aggregate(), extra() SQL\n\nhttps://github.com/DeEpinGh0st/CVE-2022-28346\n\n#redteam #hackers #exploit", "creation_timestamp": "2022-04-29T10:51:05.000000Z"}, {"uuid": "8584da26-485d-4f18-ba2e-e88731958c8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28346", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/131", "content": "CVE-2022-28346 : Django QuerySet.annotate(), aggregate(), extra() SQL\nhttps://github.com/DeEpinGh0st/CVE-2022-28346", "creation_timestamp": "2022-04-29T13:13:36.000000Z"}, {"uuid": "fddee7e8-f7bc-4a37-be5e-7134c688861b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28346", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/75", "content": "https://github.com/DeEpinGh0st/CVE-2022-28346", "creation_timestamp": "2023-07-14T09:52:27.000000Z"}, {"uuid": "8987487b-a897-4f1f-9017-fa813a2bff37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28346", "type": "seen", "source": "https://t.me/cibsecurity/40586", "content": "\u203c CVE-2022-28346 \u203c\n\nAn issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T12:23:00.000000Z"}, {"uuid": "d2a5e668-b27a-4199-94f0-ee2a69e7f95c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28346", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5909", "content": "#exploit\n1. CVE-2022-28346:\nDjango QuerySet.annotate(), aggregate(), extra() SQL\nhttps://github.com/DeEpinGh0st/CVE-2022-28346\n\n2. CVE-2022-28508:\nMantisBT 2.25.2 - XSS\nhttps://github.com/YavuzSahbaz/CVE-2022-28508/blob/main/MantisBT%202.25.2%20XSS%20vulnurability\n\n3. Bypassing LDAP Channel Binding with StartTLS\nhttps://offsec.almond.consulting/bypassing-ldap-channel-binding-with-starttls.html", "creation_timestamp": "2022-04-30T17:55:24.000000Z"}]}