Submit #790282: liangliangyy DjangoBlog <= 2.1.0.0 Missing Authenticationinfo

Titleliangliangyy DjangoBlog <= 2.1.0.0 Missing Authentication
DescriptionDjangoBlog through x.x.x.x allows unauthenticated GPS data injection via the /owntracks/logtracks endpoint. The endpoint in owntracks/views.py accepts arbitrary POST requests with JSON GPS data without any authentication or CSRF protection, allowing attackers to inject forged location data into the database or exhaust database storage via mass injection.
Source⚠️ https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-2-Unauthenticated-GPS-Data-Injection.md
User
 Dem0 (UID 82596)
Submission03/26/2026 17:03 (27 days ago)
Moderation04/19/2026 07:11 (24 days later)
StatusAccepted
VulDB entry358212 [liangliangyy DjangoBlog up to 2.1.0.0 logtracks Endpoint owntracks/views.py missing authentication]
Points18

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!