| Titel | liangliangyy DjangoBlog <= 2.1.0.0 Missing Authentication |
|---|
| Beschreibung | DjangoBlog through x.x.x.x allows unauthenticated GPS data injection via the /owntracks/logtracks endpoint. The endpoint in owntracks/views.py accepts arbitrary POST requests with JSON GPS data without any authentication or CSRF protection, allowing attackers to inject forged location data into the database or exhaust database storage via mass injection. |
|---|
| Quelle | ⚠️ https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-2-Unauthenticated-GPS-Data-Injection.md |
|---|
| Benutzer | Dem0 (UID 82596) |
|---|
| Einreichung | 26.03.2026 17:03 (vor 2 Monaten) |
|---|
| Moderieren | 19.04.2026 07:11 (24 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 358212 [liangliangyy DjangoBlog bis 2.1.0.0 logtracks Endpoint owntracks/views.py schwache Authentisierung] |
|---|
| Punkte | 18 |
|---|