Description
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
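A version check for the ranges listed above, as an added example that is not part of the original advisory. The names `parse_version` and `check` are hypothetical, and the version strings handled are the forms Django and PEP 440 use (`1.5c1`, `1.5rc1`, `1.4.3`).

```python
import re

# Pre-release stages rank below a final release of the same number.
_STAGE = {"a": 0, "alpha": 0, "b": 1, "beta": 1, "c": 2, "rc": 2, "final": 3}

# First fixed release per affected branch, taken from the description above.
# Tuple layout: (major, minor, micro, stage, stage_number).
FIXED = {
    (1, 3): (1, 3, 6, _STAGE["final"], 0),  # 1.3.x before 1.3.6
    (1, 4): (1, 4, 4, _STAGE["final"], 0),  # 1.4.x before 1.4.4
    (1, 5): (1, 5, 0, _STAGE["rc"], 2),     # 1.5 before release candidate 2
}

_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)(?:\.(\d+))?"
    r"(?:[.\-_ ]?(a|alpha|b|beta|c|rc)[.\-_ ]?(\d+)?)?$",
    re.IGNORECASE,
)


def parse_version(text):
    """Turn '1.4.3', '1.5c1', '1.5rc2' or '1.3 beta 1' into a comparable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised Django version: %r" % text)
    major, minor, micro = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    if m.group(4):
        return (major, minor, micro, _STAGE[m.group(4).lower()], int(m.group(5) or 0))
    return (major, minor, micro, _STAGE["final"], 0)


def check(version_text):
    """Return 'affected', 'fixed' or 'not-listed' for an installed version.

    'not-listed' means the branch is outside the ranges this advisory names;
    it is not a statement that the branch is safe.
    """
    version = parse_version(version_text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not-listed"
    return "affected" if version < fixed else "fixed"


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    for installed in ["1.3.5", "1.4.4", "1.5c1", "1.5rc2", "1.2.7"]:
        print(installed, check(installed))
```

The string to pass in is what `django.get_version()` reports on the host being audited.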
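Remediation
Upgrade to Django 1.3.6, 1.4.4, or 1.5 release candidate 2 or later, the first releases outside the affected ranges given in the description.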
References