Description

Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.

Remediation

References

CVE-2011-0698

Related Vulnerabilities

WordPress Plugin SRS Simple Hits Counter SQL Injection (1.0.4)

Drupal Core 8.9.0 Security Bypass (8.9.0)

WordPress Plugin WP-Recall-Registration, Profile, Commerce & More Cross-Site Scripting (16.24.47)

Oracle JRE CVE-2013-0443 Vulnerability (CVE-2013-0443)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37067)

Severity

High

Classification

CVE-2011-0698 CWE-22

Tags

Missing Update Known Vulnerabilities