Lucene search
+L

7 matches found

github
github
added 2022/05/02 12:5 a.m.23 views

Django cross-site request forgery (CSRF) vulnerability

The administration application in Django 0.91.x, 0.95.x, and 0.96.x stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery CSRF attacks and delete or modify data via unspecified...

5.8CVSS6.7AI score0.00931EPSS
Exploits0References12Affected Software1
gitlab
gitlab
added 2022/05/02 12:0 a.m.65 views

Django Admin Media Handler Vulnerable to Directory Traversal

The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL...

5CVSS6.2AI score0.02265EPSS
Exploits0References9Affected Software1
debiancve
debiancve
added 2009/08/04 4:13 p.m.80 views

CVE-2009-2659

The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL...

5CVSS6.2AI score0.02265EPSS
Exploits0
cve
cve
added 2009/08/04 4:13 p.m.89 views

CVE-2009-2659

CVE-2009-2659 affects the Django Admin media handler in core/servers/basehttp.py for Django 1.0 and 0.96. The vulnerability arises from improper mapping of URL requests to static media files, enabling directory traversal and reading arbitrary files via a crafted URL. Descriptions in connected rec...

5CVSS6.4AI score0.02265EPSS
Exploits0References9Affected Software1
osv
osv
added 2007/11/05 7:46 p.m.4 views

DEBIAN-CVE-2007-5828

Cross-site request forgery CSRF vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CS...

6.8CVSS7.2AI score0.00749EPSS
Exploits0References1
osv
osv
added 2007/11/05 7:46 p.m.6 views

CVE-2007-5828

Cross-site request forgery CSRF vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CS...

6.9AI score
Exploits0References3
cve
cve
added 2007/11/05 7:0 p.m.51 views

CVE-2007-5828

Cross-site request forgery (CSRF) vulnerability in Django 0.96 is exposed in the admin panel, allowing remote attackers to change passwords via a request to admin/auth/user/1/password/. The issue stems from the default configuration not enabling the CSRF protection module, though Debian notes thi...

6.8CVSS7AI score0.00749EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder