Description

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."

Remediation

References

CVE-2014-0474

Related Vulnerabilities

WordPress Plugin Pricing Table by Supsystic Multiple Vulnerabilities (1.8.1)

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-1385)

MySQL Other Vulnerability (CVE-2005-1636)

WordPress Plugin Contact Form 'wpcf_easyform_formid' Parameter SQL Injection (2.7.5)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32472)

Severity

Critical

Classification

CVE-2014-0474

Tags

Missing Update Known Vulnerabilities