Description
Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://www.netsparker.com/blog/web-security/
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/154219/Django-CRM-0.2.1-Cross-Site-Request-Forgery.html
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Aug/30
Scores
CVSS v3
8.8
EPSS
0.0115
EPSS Percentile
63.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (2)
micropyramid/django_crm
0.2.1
pypi/django-crm
0PyPI
Published
Aug 27, 2019
Tracked Since
Feb 18, 2026