Description

The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.

Remediation

References

CVE-2013-0305

Related Vulnerabilities

Oracle Database Server CVE-2021-2234 Vulnerability (CVE-2021-2234)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-6289)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4309)

WordPress Plugin InBoundio Marketing Arbitrary File Upload (2.0.3)

WordPress Plugin WP Easy full backup Information Disclosure (1.4)

Severity

Medium

Classification

CVE-2013-0305 CWE-200

Tags

Missing Update Known Vulnerabilities