Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Django Improper Input Validation Vulnerability (CVE-2014-3730)

Description

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."

Remediation

References

Related Vulnerabilities

Liferay DXP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-42121)

phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-2505)

WordPress Plugin CSS Plus Multiple Unspecified Vulnerabilities (1.3.1)

WebLogic Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-21371)

PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-19520)

Severity

Medium

Classification

CVE-2014-3730 CWE-20

Tags

Missing Update Known Vulnerabilities