CVE-2008-3909

The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.
Configurations

Configuration 1

cpe:2.3:a:django_project:django:0.91:*:*:*:*:*:*:*
cpe:2.3:a:django_project:django:0.96:*:*:*:*:*:*:*
cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*

Information

Published : 2008-09-04 05:41

Updated : 2011-03-08 03:11


NVD link : CVE-2008-3909

Mitre link : CVE-2008-3909

Products Affected
No products.
CWE