What is the severity of CVE-2007-5828?

CVE-2007-5828 has been disputed in severity but is categorized as a cross-site request forgery (CSRF) vulnerability.

How do I fix CVE-2007-5828?

To fix CVE-2007-5828, consider upgrading Django to a more secure version that addresses this vulnerability.

Who is affected by CVE-2007-5828?

Users of Django version 0.96 are affected by CVE-2007-5828.

What type of vulnerability is CVE-2007-5828?

CVE-2007-5828 is classified as a cross-site request forgery (CSRF) vulnerability.

Can I still use Django 0.96 after CVE-2007-5828?

Using Django 0.96 is risky due to CVE-2007-5828, and it is advisable to upgrade to a secure version.

Vulnerability/
CVE-2007-5828

medium

6.8

CWE

352

5/11/2007

7/8/2024

CVE-2007-5828: CSRF

First published: Mon Nov 05 2007(Updated: )

** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Django	=0.96

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2007-5828?
CVE-2007-5828 has been disputed in severity but is categorized as a cross-site request forgery (CSRF) vulnerability.
How do I fix CVE-2007-5828?
To fix CVE-2007-5828, consider upgrading Django to a more secure version that addresses this vulnerability.
Who is affected by CVE-2007-5828?
Users of Django version 0.96 are affected by CVE-2007-5828.
What type of vulnerability is CVE-2007-5828?
CVE-2007-5828 is classified as a cross-site request forgery (CSRF) vulnerability.
Can I still use Django 0.96 after CVE-2007-5828?
Using Django 0.96 is risky due to CVE-2007-5828, and it is advisable to upgrade to a secure version.

agent/author
agent/type
agent/first-publish-date
agent/weakness
agent/references
agent/severity
agent/status
agent/softwarecombine
agent/description
agent/event
agent/last-modified-date
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/django project
canonical/django
version/django/0.96
status/disputed

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2007-5828?
CVE-2007-5828 has been disputed in severity but is categorized as a cross-site request forgery (CSRF) vulnerability.
How do I fix CVE-2007-5828?
To fix CVE-2007-5828, consider upgrading Django to a more secure version that addresses this vulnerability.
Who is affected by CVE-2007-5828?
Users of Django version 0.96 are affected by CVE-2007-5828.
What type of vulnerability is CVE-2007-5828?
CVE-2007-5828 is classified as a cross-site request forgery (CSRF) vulnerability.
Can I still use Django 0.96 after CVE-2007-5828?
Using Django 0.96 is risky due to CVE-2007-5828, and it is advisable to upgrade to a secure version.