Submit #790289: liangliangyy DjangoBlog <= 2.1.0.0 Security Misconfiguration + Hardcoded Credentialsinfo

Titleliangliangyy DjangoBlog <= 2.1.0.0 Security Misconfiguration + Hardcoded Credentials
DescriptionDjangoBlog through x.x.x.x enables Django DEBUG mode by default and uses hardcoded database credentials (root/root) as fallback values in djangoblog/settings.py. Deployments that omit environment variable configuration expose detailed error pages (stack traces, settings, local variables) and use trivially guessable database credentials.
Source⚠️ https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-12-DEBUG-Enabled-Hardcoded-DB-Creds.md
User
 Dem0 (UID 82596)
Submission03/26/2026 17:26 (4 months ago)
Moderation04/19/2026 18:06 (24 days later)
StatusAccepted
VulDB entry358245 [liangliangyy DjangoBlog up to 2.1.0.0 Setting djangoblog/settings.py USER/PASSWORD hard-coded credentials]
Points18

Interested in the pricing of exploits?

See the underground prices here!