GitHub - omarkurt/django-connector-CVE-2025-64459-testbed: A self-contained testbed for Django CVE-2025-64459. Demonstrates QuerySet.filter() parameter injection via dictionary expansion using Docker.

This GitHub post presents a testbed for Django CVE-2025-64459, a parameter injection vulnerability in QuerySet.filter() affecting Django versions prior to 5.1.14. The testbed, runnable via Docker, demonstrates how attackers can exploit this by injecting parameters like _connector to manipulate query logic, potentially bypassing filters and accessing unauthorized data.

Edward Kiledjian @ekiledjian
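
A defensive counterpart to the pattern the testbed demonstrates, as an added example that is not from the post or the repository: untrusted request parameters are mapped through an allowlist before being expanded into filter(). The field names, `ALLOWED_LOOKUPS`, `RejectedParameter` and `build_filter_kwargs` are hypothetical; `_negated` is the other internal keyword argument of Django's `Q` object and is not mentioned in the post.

```python
# Added example: pure Python, so it runs without Django installed.
# Unsafe pattern (hypothetical model name): Post.objects.filter(**request.GET.dict())
# Safer: Post.objects.filter(**build_filter_kwargs(request.GET.dict()))

# Hypothetical mapping: public parameter name -> ORM lookup the view permits.
ALLOWED_LOOKUPS = {
    "author": "author__username",
    "status": "status",
    "created_after": "created__gte",
}

# Internal keyword arguments of django.db.models.Q; never accept from a client.
RESERVED_KWARGS = {"_connector", "_negated"}


class RejectedParameter(ValueError):
    """Raised when a request carries a key the view did not declare."""


def build_filter_kwargs(params, allowed=ALLOWED_LOOKUPS):
    """Translate untrusted request parameters into filter() kwargs.

    `params` is a mapping of str -> str, e.g. request.GET.dict().
    Unknown keys raise instead of being dropped silently, so probing
    surfaces as an error the view can log and answer with HTTP 400.
    """
    kwargs = {}
    for key, value in params.items():
        if key in RESERVED_KWARGS or key.startswith("_"):
            raise RejectedParameter(f"reserved parameter: {key!r}")
        if key not in allowed:
            raise RejectedParameter(f"unexpected parameter: {key!r}")
        if not isinstance(value, str):
            raise RejectedParameter(f"non-scalar value for {key!r}")
        kwargs[allowed[key]] = value
    return kwargs


# Constructed sample inputs (not taken from the testbed).
BENIGN = {"author": "alice", "status": "published"}
TAMPERED = {"author": "alice", "_connector": "x", "status": "published"}

if __name__ == "__main__":
    print(build_filter_kwargs(BENIGN))
    try:
        build_filter_kwargs(TAMPERED)
    except RejectedParameter as exc:
        print("rejected:", exc)
```

The allowlist keeps protecting the view after Django is upgraded, because it also stops clients from choosing arbitrary field lookups.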