Description
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
Remediation
References