# CVE-2022-28346
SQL injection in QuerySet.annotate(), aggregate(), and extra()

# Setup:
Run `./` for initial setup

Open the docker image to initiate the database:
`docker exec -it {container_id} /bin/bash`
And run the following commands:
python makemigrations cve202228346
python migrate

Start the instances using: 
`docker-compose up`

Now open the following URL to load sample data:


Then go to the vulnerable page at:

Exploit the parameter at: