| عنوان | liangliangyy DjangoBlog Hardcoded Credentials Hardcoded Credentials |
|---|
| الوصف | DjangoBlog through x.x.x.x uses a hardcoded fallback value for the Django SECRET_KEY in djangoblog/settings.py when the DJANGO_SECRET_KEY environment variable is not set. This key is used to sign session cookies, CSRF tokens, password reset tokens, and email confirmation signatures. An attacker who knows the key can forge sessions to impersonate any user including superadmins, bypass CSRF protection, and take over accounts. |
|---|
| المصدر | ⚠️ https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-3-Hardcoded-Django-SECRET_KEY.md |
|---|
| المستخدم | Dem0 (UID 82596) |
|---|
| ارسال | 26/03/2026 05:05 PM (1 شهر منذ) |
|---|
| الاعتدال | 19/04/2026 07:11 AM (24 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 358213 [liangliangyy DjangoBlog حتى 2.1.0.0 Setting djangoblog/settings.py SECRET_KEY توثيق ضعيف] |
|---|
| النقاط | 20 |
|---|