Cross-Site Request Forgery Vulnerability in Django CMS by Divio
CVE-2015-5081

8.8HIGH

Key Information:

Vendor

Django-cms

Status
Django Cms
Vendor
CVE Published:
18 August 2017

What is CVE-2015-5081?

A CSRF vulnerability exists in Django CMS prior to version 3.0.14 and in the 3.1.x branch before version 3.1.1. This vulnerability allows remote attackers to exploit the application by tricking privileged users into executing unauthorized actions through malicious requests. The flaw stems from insufficient validation of requests, which could lead to unintended changes being made by users with elevated permissions. Users running affected versions should update to the latest release as a precaution against potential exploits.

References

https://www.django-cms.org/en/blog/2015/06/27/311-3014-re...
x_refsource_CONFIRM
https://github.com/divio/django-cms/commit/f77cbc607d6e2a...
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2015/06/28/1
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.