| عنوان | liangliangyy DjangoBlog <= 2.1.0.0 Missing Authentication |
|---|
| الوصف | DjangoBlog through x.x.x.x allows unauthenticated GPS data injection via the /owntracks/logtracks endpoint. The endpoint in owntracks/views.py accepts arbitrary POST requests with JSON GPS data without any authentication or CSRF protection, allowing attackers to inject forged location data into the database or exhaust database storage via mass injection. |
|---|
| المصدر | ⚠️ https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-2-Unauthenticated-GPS-Data-Injection.md |
|---|
| المستخدم | Dem0 (UID 82596) |
|---|
| ارسال | 26/03/2026 05:03 PM (1 شهر منذ) |
|---|
| الاعتدال | 19/04/2026 07:11 AM (24 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 358212 [liangliangyy DjangoBlog حتى 2.1.0.0 logtracks Endpoint owntracks/views.py توثيق ضعيف] |
|---|
| النقاط | 18 |
|---|