Submit #790289: liangliangyy DjangoBlog <= 2.1.0.0 Security Misconfiguration + Hardcoded Credentialsinfo

Titelliangliangyy DjangoBlog <= 2.1.0.0 Security Misconfiguration + Hardcoded Credentials
BeschreibungDjangoBlog through x.x.x.x enables Django DEBUG mode by default and uses hardcoded database credentials (root/root) as fallback values in djangoblog/settings.py. Deployments that omit environment variable configuration expose detailed error pages (stack traces, settings, local variables) and use trivially guessable database credentials.
Quelle⚠️ https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-12-DEBUG-Enabled-Hardcoded-DB-Creds.md
Benutzer
 Dem0 (UID 82596)
Einreichung26.03.2026 17:26 (vor 2 Monaten)
Moderieren19.04.2026 18:06 (24 days later)
StatusAkzeptiert
VulDB Eintrag358245 [liangliangyy DjangoBlog bis 2.1.0.0 Setting djangoblog/settings.py USER/PASSWORD schwache Authentisierung]
Punkte18

ZurückÜbersichtWeiter

Interested in the pricing of exploits?

See the underground prices here!