9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-7471

GHSA ID

GHSA-hmr4-m2h5-33qx

EPSS Score

0.92015%

CWE

CWE-89

Published

2/11/2020

Updated

9/20/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-7471

CVE-2020-7471: SQL injection in Django

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-7471

GHSA ID

GHSA-hmr4-m2h5-33qx

EPSS Score

0.92015%

CWE

CWE-89

Published

2/11/2020

Updated

9/20/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
django	pip	< 1.11.28	1.11.28
Django	pip	>= 2.0, < 2.2.10	2.2.10
Django	pip	>= 3.0, < 3.0.3	3.0.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from how StringAgg handled the 'delimiter' parameter. The original implementation used string formatting to insert the delimiter directly into the SQL template ('%(delimiter)s'), making it vulnerable to SQL injection. The patch changed this by wrapping the delimiter in a Value() expression, forcing proper SQL parameterization. The commit diff clearly shows the vulnerable pattern in the template and the fix in the init method, aligning with the CVE description of delimiter-based SQL injection.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*j*n*o *.** ***or* *.**.**, *.* ***or* *.*.**, *n* *.* ***or* *.*.* *llows SQL Inj**tion i* untrust** **t* is us** *s * Strin**** **limit*r (*.*., in *j*n*o *ppli**tions t**t o***r *ownlo**s o* **t* *s * s*ri*s o* rows wit* * us*r-sp**i*i** *olumn **

Reasoning

T** vuln*r**ility st*ms *rom *ow Strin**** **n*l** t** '**limit*r' p*r*m*t*r. T** ori*in*l impl*m*nt*tion us** strin* *orm*ttin* to ins*rt t** **limit*r *ir**tly into t** SQL t*mpl*t* ('%(**limit*r)s'), m*kin* it vuln*r**l* to SQL inj**tion. T** p*t*

9.8

Basic Information

Concerned about an active attack path?

CVE-2020-7471: SQL injection in Django

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI