4 matches found
GHSA-QP2C-XQV6-PHH6 django-mdeditor is Missing Authentication for Critical Function
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...
django-mdeditor is Missing Authentication for Critical Function
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...
CVE-2025-13030
CVE-2025-13030 affects the django-mdeditor package. All versions are vulnerable to Missing Authentication for Critical Function in the image upload endpoint, allowing an attacker to upload malicious files and achieve arbitrary code execution due to lack of authentication and improper sanitisation...
PT-2026-36039
Name of the Vulnerable Software and Affected Versions django-mdeditor affected versions not specified Description The image upload endpoint lacks authentication protection and proper sanitization of file names. This allows an attacker to upload malicious files and achieve arbitrary code execution...