Submit #790282: liangliangyy DjangoBlog <= 2.1.0.0 Missing Authentication

Title: liangliangyy DjangoBlog <= 2.1.0.0 Missing Authentication
Description: DjangoBlog through x.x.x.x allows unauthenticated GPS data injection via the /owntracks/logtracks endpoint. The endpoint in owntracks/views.py accepts arbitrary POST requests with JSON GPS data without any authentication or CSRF protection, allowing attackers to inject forged location data into the database or exhaust database storage via mass injection.
Source: https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-2-Unauthenticated-GPS-Data-Injection.md
User: Dem0 (UID 82596)
Submission: 26.03.2026 17:03 (26 days ago)
Moderation: 19.04.2026 07:11 (24 days later)
Status: Accepted
VulDB Entry: 358212 [liangliangyy DjangoBlog up to 2.1.0.0 logtracks Endpoint owntracks/views.py weak authentication]
Points: 18
