Submission #790282: liangliangyy DjangoBlog <= 2.1.0.0 Missing Authentication (info)

Title: liangliangyy DjangoBlog <= 2.1.0.0 Missing Authentication
Description: DjangoBlog through x.x.x.x allows unauthenticated GPS data injection via the /owntracks/logtracks endpoint. The endpoint in owntracks/views.py accepts arbitrary POST requests with JSON GPS data without any authentication or CSRF protection, allowing attackers to inject forged location data into the database or exhaust database storage via mass injection.
Source: ⚠️ https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-2-Unauthenticated-GPS-Data-Injection.md
User: Dem0 (UID 82596)
Submission: 2026-03-26 17:03 (3 months ago)
Moderation: 2026-04-19 07:11 (24 days later)
Status: Accepted
VulDB entry: 358212 [liangliangyy DjangoBlog up to 2.1.0.0 logtracks Endpoint owntracks/views.py weak authentication]
Points: 18
