CVE-2007-5828
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module
** EN DISPUTA ** La vulnerabilidad de falsificación de solicitudes entre sitios (CSRF) en el panel de administración en Django 0.96 permite a los atacantes remotos cambiar las contraseñas de usuarios arbitrarios mediante una solicitud a admin / auth / user / 1 / password /. NOTA: Debian ha disputado este problema, ya que la documentación del producto incluye una recomendación para un módulo de protección CSRF que se incluye con el producto. Sin embargo, CVE considera que esto es un problema porque la configuración predeterminada no usa este módulo.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-11-05 CVE Reserved
- 2007-11-05 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://osvdb.org/45285 | Vdb Entry | |
http://securityreason.com/securityalert/3338 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/482983/100/0/threaded | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Django Project Search vendor "Django Project" | Django Search vendor "Django Project" for product "Django" | 0.96 Search vendor "Django Project" for product "Django" and version "0.96" | - |
Affected
|