Description

The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.

Remediation

References

CVE-2013-0305

Related Vulnerabilities

concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11476)

WordPress Plugin WP Discourse Unspecified Vulnerability (0.9.7)

OpenSSL Other Vulnerability (CVE-2005-2969)

Joomla Missing Authentication for Critical Function Vulnerability (CVE-2019-10946)

WordPress Plugin Booking Calendar Cross-Site Scripting (7.1)

Severity

Medium

Classification

CVE-2013-0305 CWE-200

Tags

Missing Update Known Vulnerabilities