The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.
Vulnerable Product |
---|
django project django 0.95 |
django project django 0.96 |
django project django 0.91 |
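
A framework-agnostic model of the behaviour described above, as an added example that is not Django's code or part of the original advisory. All class, method and field names are hypothetical, and the credential and records are constructed. It contrasts a login handler that replays a POST stashed before authentication with one that discards it, so the user has to resubmit.

```python
# Model of "store unauthenticated POST, process after login" (hypothetical names).
# This is not Django's implementation; it only illustrates the logic flaw.

class AdminApp:
    def __init__(self, replay_stashed_post):
        self.replay_stashed_post = replay_stashed_post
        self.records = {1: "invoice", 2: "customer"}  # constructed sample data
        self.authenticated = False
        self.stashed = None  # POST body received before login, if kept

    def _apply(self, post):
        # State-changing admin action.
        if post.get("action") == "delete":
            self.records.pop(post["id"], None)

    def handle(self, post):
        """Process one POST arriving in the browser session; return a status."""
        if self.authenticated:
            # Anti-CSRF token validation is out of scope for this model.
            self._apply(post)
            return "applied"
        if "password" in post:
            if post["password"] != "correct-password":  # constructed credential
                return "login failed"
            self.authenticated = True
            pending, self.stashed = self.stashed, None
            if pending is not None and self.replay_stashed_post:
                # Flaw: the action runs with the user's privileges although
                # the user only submitted credentials, never this request.
                self._apply(pending)
                return "logged in, stashed POST replayed"
            return "logged in, stashed POST discarded"
        # Unauthenticated non-login POST: its origin is unknown, so the
        # hardened variant keeps nothing and only asks for login.
        self.stashed = post if self.replay_stashed_post else None
        return "login required"


def run(replay):
    """Constructed sequence: a pre-login POST arrives, then the user logs in."""
    app = AdminApp(replay_stashed_post=replay)
    app.handle({"action": "delete", "id": 1})
    status = app.handle({"password": "correct-password"})
    return status, sorted(app.records)


if __name__ == "__main__":
    print("replay enabled :", run(True))
    print("replay disabled:", run(False))
```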