| Title | liangliangyy DjangoBlog <= 2.1.0.0 Security Misconfiguration + Hardcoded Credentials |
|---|
| Description | DjangoBlog through x.x.x.x enables Django DEBUG mode by default and uses hardcoded database credentials (root/root) as fallback values in djangoblog/settings.py. Deployments that omit environment variable configuration expose detailed error pages (stack traces, settings, local variables) and use trivially guessable database credentials. |
|---|
| Source | ⚠️ https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-12-DEBUG-Enabled-Hardcoded-DB-Creds.md |
|---|
| User | Dem0 (UID 82596) |
|---|
| Submission | 03/26/2026 17:26 (4 months ago) |
|---|
| Moderation | 04/19/2026 18:06 (24 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 358245 [liangliangyy DjangoBlog up to 2.1.0.0 Setting djangoblog/settings.py USER/PASSWORD hard-coded credentials] |
|---|
| Points | 18 |
|---|