CVEs-PoC/2021/CVE-2021-35042.md

### [CVE-2021-35042](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35042)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CLincat/vulcat
- https://github.com/H3rmesk1t/Django-SQL-Inject-Env
- https://github.com/LUUANHDUC/CVE-2021-35042
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/Power7089/CyberSpace
- https://github.com/SYRTI/POC_to_review
- https://github.com/SexyBeast233/SecBooks
- https://github.com/SurfRid3r/Django_vulnerability_analysis
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/WhooAmii/POC_to_review
- https://github.com/WynSon/CVE-2021-35042
- https://github.com/YouGina/CVE-2021-35042
- https://github.com/Zh0ngS0n1337/CVE-2021-35042
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/errorecho/CVEs-Collection
- https://github.com/mieczyk/vilya-blog
- https://github.com/mrlihd/CVE-2021-35042
- https://github.com/n3utr1n00/CVE-2021-35042
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/r4vi/CVE-2021-35042
- https://github.com/soosmile/POC
- https://github.com/t0m4too/t0m4to
- https://github.com/trhacknon/Pocingit
- https://github.com/zecool/cve
- https://github.com/zer0qs/CVE-2021-35042