
# Django SQL Injection Test Environment (CVE-2025-57833)

This is a Docker-based test environment for demonstrating the SQL injection vulnerability CVE-2025-57833 in the Django ORM.

## Key Points

- Vulnerability: CVE-2025-57833 is an SQL injection in the Django ORM. It is triggered when a `FilteredRelation` is passed to `QuerySet.annotate()` or `QuerySet.alias()` by dictionary expansion (`**kwargs`) and the dictionary key, which becomes the column alias, is attacker-controlled.
- Root cause: unsanitized user input is used directly as the alias (field name) of a `FilteredRelation`. The alias is spliced into the generated SQL as an identifier, so a crafted value can break out of its position and alter the query.
- Impact: information disclosure from the database, and, per the Medium write-up listed below, Remote Code Execution on the PostgreSQL database server. Third-party trackers score it CVSS 9.8 (Critical); the Django project itself rates the issue as "high" severity.
- Affected versions: Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6.
- Attack vector: an attacker sends a malicious `search_field` value in a POST request to the `/api/vulnerable-search/` endpoint of this environment; the value is used unvalidated as the `FilteredRelation` alias.
- Mitigation: upgrade to a patched Django release (5.2.6, 5.1.12, or 4.2.24). In application code, validate user input against a whitelist of known field names before it is passed to the ORM, and never let a client choose an alias or kwarg name directly.

## References

- Medium article: "Django Unauthenticated 0-click RCE and SQL Injection using Default Configuration" by Eyal Gabay (@EyalSec)
- Django security release: "Django security releases issued: 5.2.6, 5.1.12, and 4.2.24"
- NullSecurityx article: "CVE-2025-57833 Django SQL Injection"

For more detailed documentation, please see …
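The following is an added example, not code from this test environment or from Django. It shows the vulnerable pattern (the client's `search_field` becomes the `annotate()` kwarg key, i.e. the alias) next to the whitelisted version the page recommends. Django is deliberately not imported: `quote_name()` and `render_join()` are constructed stand-ins that only mimic how an alias lands in the JOIN text (double-quote wrapping with no escaping of embedded quotes), so the breakout is visible without a database. The model and field names, the request body shape, and the `FORBIDDEN_ALIAS` regex (a copy of the kind of forbidden-character check Django applies to column aliases, not imported from Django) are assumptions made for this example.

```python
"""Whitelist-validate a user-supplied FilteredRelation alias (added example).

Not the test environment's code. quote_name()/render_join() are constructed
stand-ins for how an alias is spliced into SQL; model/field names are assumed.
"""
import json
import re

# Hypothetical model fields a client may search on. Only a value from this
# set is ever allowed to become the annotation alias.
ALLOWED_SEARCH_FIELDS = frozenset({"title", "author", "category"})

# Characters that let an alias escape its position in generated SQL:
# whitespace, quotes, brackets, semicolons and comment markers.
# (Example's own copy of a Django-style forbidden-alias pattern.)
FORBIDDEN_ALIAS = re.compile(r"['`\"\]\[;\s]|--|/\*|\*/")


def quote_name(name: str) -> str:
    """Naive identifier quoting: wrap in double quotes, no escaping (stand-in)."""
    return f'"{name}"'


def render_join(alias: str, table: str = "app_book") -> str:
    """Simulate the JOIN fragment a FilteredRelation alias is spliced into (stand-in)."""
    a = quote_name(alias)
    return f'INNER JOIN {quote_name(table)} {a} ON ({a}."author_id" = "app_author"."id")'


def is_safe_alias(alias: str) -> bool:
    """Syntactic check only: a plain identifier with no breakout characters."""
    return alias.isidentifier() and not FORBIDDEN_ALIAS.search(alias)


def vulnerable_alias(search_field: str) -> str:
    """Before: whatever the client sent becomes the alias (the bug the page describes)."""
    return search_field


def hardened_alias(search_field: str) -> str:
    """After: the page's mitigation, a whitelist of known field names."""
    if search_field not in ALLOWED_SEARCH_FIELDS:
        raise ValueError(f"search_field not allowed: {search_field!r}")
    return search_field


def hardened_rejects(search_field: str) -> bool:
    """True if the whitelist would refuse this value."""
    try:
        hardened_alias(search_field)
    except ValueError:
        return True
    return False


def annotate_kwargs(alias: str) -> dict:
    """The **kwargs shape handed to QuerySet.annotate(); the value stands in for
    FilteredRelation(...), since only the key (the alias) matters here."""
    return {alias: "FilteredRelation('author', condition=Q(author__name__startswith='A'))"}


def handle_request(body: str, build_alias) -> str:
    """Parse a POST body like {"search_field": "..."} and return the JOIN text
    the alias would produce, using the given (vulnerable or hardened) builder."""
    search_field = json.loads(body).get("search_field", "")
    alias = build_alias(search_field)
    (key,) = annotate_kwargs(alias)  # the dict key is what becomes the SQL alias
    return render_join(key)


def breaks_out(sql: str) -> bool:
    """A well-formed fragment has exactly one ON clause; more means the alias escaped."""
    return sql.count(" ON ") > 1


# Constructed payloads: the malicious one closes the quoted alias and appends
# its own ON clause.
BENIGN_BODY = json.dumps({"search_field": "author"})
MALICIOUS_BODY = json.dumps({"search_field": 'x" ON 1=1 OR "y'})

if __name__ == "__main__":
    print("vulnerable:", handle_request(MALICIOUS_BODY, vulnerable_alias))
    print("hardened rejects payload:", hardened_rejects('x" ON 1=1 OR "y'))
```

Run it directly to see the escaped JOIN text the vulnerable builder emits for the malicious body and the `ValueError` path the whitelist takes. `is_safe_alias()` is shown separately because a character blacklist alone is a weaker control than the whitelist: it stops the breakout, but still lets a client pick arbitrary identifiers.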