| शीर्षक | liangliangyy DjangoBlog <= 2.1.0.0 Missing Authentication |
|---|
| विवरण | DjangoBlog through x.x.x.x allows unauthenticated GPS data injection via the /owntracks/logtracks endpoint. The endpoint in owntracks/views.py accepts arbitrary POST requests with JSON GPS data without any authentication or CSRF protection, allowing attackers to inject forged location data into the database or exhaust database storage via mass injection. |
|---|
| स्रोत | ⚠️ https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-2-Unauthenticated-GPS-Data-Injection.md |
|---|
| उपयोगकर्ता | Dem0 (UID 82596) |
|---|
| सबमिशन | 26/03/2026 05:03 PM (2 महीनों पहले) |
|---|
| संयम | 19/04/2026 07:11 AM (24 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 358212 [liangliangyy DjangoBlog तक 2.1.0.0 logtracks Endpoint owntracks/views.py कमजोर प्रमाणीकरण] |
|---|
| अंक | 18 |
|---|