2 matches found
CVE-2007-5828
Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CS...
CVE-2007-5828
Cross-site request forgery (CSRF) vulnerability in Django 0.96 is exposed in the admin panel, allowing remote attackers to change passwords via a request to admin/auth/user/1/password/. The issue stems from the default configuration not enabling the CSRF protection module, though Debian notes thi...