CVE-2010-4534

Published: 10 Jan 2011
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 4

Description

The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.

| Release | Status | Note |
|---|---|---|
| dapper | DNE | |
| devel | released | 1.2.3-1ubuntu0.2.11.04.1 |
| hardy | ignored | end of life |
| karmic | released | 1.1.1-1ubuntu1.1 |
| lucid | released | 1.1.1-2ubuntu1.2 |
| maverick | released | 1.2.3-1ubuntu0.2.10.10.1 |
| natty | released | 1.2.3-1ubuntu0.2.11.04.1 |
| oneiric | released | 1.2.3-1ubuntu0.2.11.04.1 |
| upstream | released | 1.2.4-1 |

EPSS: 0.00553 (Low), percentile: 67%

CVSS2: 4 Medium

Related vulnerabilities

nvd
more than 14 years ago

The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.

debian
more than 14 years ago

The administrative interface in django.contrib.admin in Django before ...

CVSS3: 6.5
github
almost 7 years ago

Improper query string handling in Django
