Django Project : Security Vulnerabilities, CVEs, (CSRF) CVSS score >= 3
The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.
Max CVSS
5.8
EPSS Score
0.23%
Published
2008-09-04
Updated
2011-03-08
Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module
Max CVSS
6.8
EPSS Score
0.18%
Published
2007-11-05
Updated
2024-04-11
2 vulnerabilities found