CVE-2025-57833

This repository demonstrates CVE-2025-57833, a critical SQL injection vulnerability in Django's ORM affecting versions 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. The vulnerability arises from unsanitized user input used as dictionary keys in `annotate()` or `alias()` with `FilteredRelation`, potentially leading to RCE via PostgreSQL.

This repository contains a working proof-of-concept for CVE-2025-57833, a SQL injection vulnerability in Django's FilteredRelation feature. The exploit demonstrates how unvalidated alias names in QuerySet annotations can lead to SQL injection via malicious dictionary keys.

This repository contains a Django application demonstrating CVE-2025-57833, likely related to SQL injection or ORM manipulation given the debug SQL logging and model structure. The exploit.py file (not fully shown) is expected to contain the PoC for triggering the vulnerability.

This repository contains a functional Django application demonstrating CVE-2025-57833, a SQL injection vulnerability via dictionary expansion in QuerySet.annotate() or QuerySet.alias(). The exploit leverages untrusted input passed to the alias() method, allowing arbitrary SQL injection.

This repository demonstrates a SQL injection vulnerability (CVE-2025-57833) in Django versions prior to 4.2.23, where dynamic alias usage in `annotate()` or `alias()` functions allows arbitrary SQL execution via user-controlled input.