Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Django Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2026-1207 - Vulnerability Database
Django

Django Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2026-1207

Medium
Reference: CVE-2026-1207
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-1207
Title: Django Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

An issue was discovered in 6.0 before 6.0.2 5.2 before 5.2.11 and 4.2 before 4.2.28. Raster lookups on RasterField (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier unsupported Django series (such as 5.0.x 4.1.x and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.