{"vulnerability": "CVE-2022-28347", "sightings": [{"uuid": "717138ac-8f0c-4eb7-ae75-0eae3fb0f4da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28347", "type": "seen", "source": "https://t.me/cibsecurity/40598", "content": "\u203c CVE-2022-28347 \u203c\n\nA SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T12:23:18.000000Z"}]}