CVE-2007-5828
Published: 2007-11-05
Priority: P4 (23)
Severity: medium, CVSS 2.0 base score 6.8
CVSS vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.75% (50.4th percentile)
Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-django | < python-django 1.2.1 (bookworm) | python-django 1.2.1 (bookworm) |
| django_project | django | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | LOW | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |
GHSA
GHSA-pjc8-j97x-hp3p (ghsa_unreviewed, 2022-05-01): ** DISPUTED ** CVE-2007-5828 [MEDIUM], CWE-352. Same description as above.
OSV
CVE-2007-5828 (osv, 2007-11-05, CVSS 6.8) [MEDIUM]. Same description as above.
Red Hat
Django admin panel CSRF (vendor_redhat, 2007-10-21, CVSS 6.8) [MEDIUM]. Same description as above.
Debian
CVE-2007-5828: python-django (vendor_debian, 2007, CVSS 6.8) [MEDIUM]. Same description as above.
Scope: local
Per-suite status:
- bookworm: resolved (fixed in 1.2.1)
- bullseye: resolved (fixed in 1.2.1)
- forky: resolved (fixed in 1.2.1)
- sid: resolved (fixed in 1.2.1)
- trixie: resolved (fixed in 1.2.1)
No detection rules found.
No public exploits indexed.