Description

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.

Remediation

References

CVE-2016-9013

Related Vulnerabilities

WordPress Plugin Affiliates Multiple Cross-Site Scripting Vulnerabilities (2.13.1)

Ruby on Rails CVE-2019-5418 Vulnerability (CVE-2019-5418)

WordPress Plugin Portfolio Gallery-Photo Gallery Cross-Site Scripting (1.5.7)

WordPress Plugin RestroPress-Online Food Ordering System Cross-Site Request Forgery (2.8.2)

Python Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2008-3142)

Severity

Critical

Classification

CVE-2016-9013 CWE-798 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities