Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Django django.contrib.admin管理界面信息泄露漏洞
Vulnerability Description
Django是Django软件基金会的一套基于Python语言的开源Web应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。 Django 1.1.3之前版本,1.2.4之前的1.2.x版本,以及1.3 beta 1之前的1.3.x版本中的django.contrib.admin中的管理界面没有正确限制执行某个对象过滤的查询字符串的使用。远程认证用户可以借助一系列包含正则表达式的请求获取敏感信息。该漏洞已经通过created_by__password__regex参数得到证实。
CVSS Information
N/A
Vulnerability Type
N/A