CVE-2007-5828

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-5828
Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://osvdb.org/45285
http://securityreason.com/securityalert/3338
http://www.securityfocus.com/archive/1/482983/100/0/threaded
Configurations

Configuration 1 (hide)

cpe:2.3:a:django_project:django:0.96:*:*:*:*:*:*:*
History

07 Nov 2023, 02:01

Type Values Removed Values Added
Summary ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module. Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module
Information

Published : 2007-11-05 19:46

Updated : 2024-08-07 16:15

NVD link : CVE-2007-5828

Mitre link : CVE-2007-5828

CVE.ORG link : CVE-2007-5828

JSON object : View

Products Affected

django_project

  • django
CWE
CWE-352

Cross-Site Request Forgery (CSRF)


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024