Soumettre #790282: liangliangyy DjangoBlog <= 2.1.0.0 Missing Authenticationinformation

Titreliangliangyy DjangoBlog <= 2.1.0.0 Missing Authentication
DescriptionDjangoBlog through x.x.x.x allows unauthenticated GPS data injection via the /owntracks/logtracks endpoint. The endpoint in owntracks/views.py accepts arbitrary POST requests with JSON GPS data without any authentication or CSRF protection, allowing attackers to inject forged location data into the database or exhaust database storage via mass injection.
La source⚠️ https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-2-Unauthenticated-GPS-Data-Injection.md
Utilisateur
 Dem0 (UID 82596)
Soumission26/03/2026 17:03 (il y a 2 mois)
Modérer19/04/2026 07:11 (24 days later)
StatutAccepté
Entrée VulDB358212 [liangliangyy DjangoBlog jusqu’à 2.1.0.0 logtracks Endpoint owntracks/views.py authentification faible]
Points18

PrécédentAperçuSuivant

Might our Artificial Intelligence support you?

Check our Alexa App!