Description

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."

Remediation

References

CVE-2014-0474

Related Vulnerabilities

PHP Improper Input Validation Vulnerability (CVE-2014-3480)

PrestaShop Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2018-7491)

WordPress Plugin Product Addons & Fields for WooCommerce Arbitrary File Upload (1.1)

WordPress Plugin Broken Link Manager Multiple Vulnerabilities (0.4.5)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17900)

Severity

Critical

Classification

CVE-2014-0474

Tags

Missing Update Known Vulnerabilities