제출 #790282: liangliangyy DjangoBlog <= 2.1.0.0 Missing Authentication정보

제목liangliangyy DjangoBlog <= 2.1.0.0 Missing Authentication
설명DjangoBlog through x.x.x.x allows unauthenticated GPS data injection via the /owntracks/logtracks endpoint. The endpoint in owntracks/views.py accepts arbitrary POST requests with JSON GPS data without any authentication or CSRF protection, allowing attackers to inject forged location data into the database or exhaust database storage via mass injection.
원천⚠️ https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-2-Unauthenticated-GPS-Data-Injection.md
사용자
 Dem0 (UID 82596)
제출2026. 03. 26. PM 05:03 (29 날 ago)
모더레이션2026. 04. 19. AM 07:11 (24 days later)
상태수락
VulDB 항목358212 [liangliangyy DjangoBlog 까지 2.1.0.0 logtracks Endpoint owntracks/views.py 약한 인증]
포인트들18

이전개요다음

Might our Artificial Intelligence support you?

Check our Alexa App!