CVE-2008-3909
published 2008-09-04

Priority: P4 | 24 | medium | 5.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
EPSS: 0.93% (56.2th percentile)
The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.

Affected

7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-django | < python-django 1.0-1 (bookworm) | python-django 1.0-1 (bookworm) |
| djangoproject | django | >= 0.91 < 0.91.3 | 0.91.3 |
| djangoproject | django | >= 0.91.0 < 0.91.3 | 0.91.3 |
| djangoproject | django | >= 0.95 < 0.95.4 | 0.95.4 |
| djangoproject | django | >= 0.95.0 < 0.95.4 | 0.95.4 |
| djangoproject | django | >= 0.96 < 0.96.3 | 0.96.3 |
| djangoproject | django | >= 0.96.0 < 0.96.3 | 0.96.3 |

CVSS provenance

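| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P |
| osv | | 5.8 | MEDIUM | |
| vendor_debian | | 5.8 | MEDIUM | |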