CVE-2008-3909

Django 0.91-0.96 - Cross-Site Request Forgery in Administration Application

Title source: llm
STIX 2.1

Description

The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.

References (10)

Core 10
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31837
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1640
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=460966
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2533
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31961
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/09/03/4
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/47906

Scores

EPSS 0.0093
EPSS Percentile 56.4%

Details

CWE
CWE-352
Status published
Products (5)
django_project/django 0.91
django_project/django 0.95
django_project/django 0.96
djangoproject/django 0.91 - 0.91.3
pypi/Django 0.91.0 - 0.91.3PyPI
Published Sep 04, 2008
Tracked Since Feb 18, 2026