CVE-2014-0474: SQL Injection in Django

CWE-399 | CWE-89 | SQL Injection | 13 documents | 9 sources

Severity
NVD: 10.0 CRITICAL
OSV: 5.1
EPSS: 4.0% (top 11.62%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Apr 23
Latest update: Sep 4

Description

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (2 packages)

PyPI | djangoproject/django | 1.5 | 1.5.6 | +2
NVD | djangoproject/django | 1.4.10 | +20

Also affects: Ubuntu Linux 10.04, 12.04, 12.10, 13.10, 14.04

🔴 Vulnerability Details (6)

OSV: Django Vulnerable to MySQL Injection (2022-05-17)
GHSA: Django Vulnerable to MySQL Injection (2022-05-17)
OSV: CVE-2014-0474: The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1 (2014-04-23)
CVEList: CVE-2014-0474: The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1 (2014-04-23)
OSV: python-django regression (2014-04-23)

📋 Vendor Advisories (4)

Ubuntu: Django regression (2014-04-23)
Ubuntu: Django vulnerabilities (2014-04-22)
Red Hat: python-django: MySQL typecasting (2014-04-21)
Debian: CVE-2014-0474: python-django - The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model f... (2014)

📄 Research Papers (1)

arXiv: An Empirical Study of Vulnerabilities in Python Packages and Their Detection (2025-09-04)

💬 Community (1)

Bugzilla: CVE-2014-0474 python-django: MySQL typecasting (2014-04-23)
CVE-2014-0474 — SQL Injection in Djangoproject Django | cvebase