Gửi #790283: liangliangyy DjangoBlog Hardcoded Credentials Hardcoded Credentialsthông tin

tiêu đềliangliangyy DjangoBlog Hardcoded Credentials Hardcoded Credentials
Mô tảDjangoBlog through x.x.x.x uses a hardcoded fallback value for the Django SECRET_KEY in djangoblog/settings.py when the DJANGO_SECRET_KEY environment variable is not set. This key is used to sign session cookies, CSRF tokens, password reset tokens, and email confirmation signatures. An attacker who knows the key can forge sessions to impersonate any user including superadmins, bypass CSRF protection, and take over accounts.
Nguồn⚠️ https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-3-Hardcoded-Django-SECRET_KEY.md
Người dùng
 Dem0 (UID 82596)
Đệ trình26/03/2026 17:05 (cách đây 28 ngày)
Kiểm duyệt19/04/2026 07:11 (24 days later)
Trạng tháiđược chấp nhận
Mục VulDB358213 [liangliangyy DjangoBlog đến 2.1.0.0 Setting djangoblog/settings.py SECRET_KEY xác thực yếu]
điểm20

TrướcTổng QuanTiếp theo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!