CVE-2007-5828

Priority
Description
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the
admin panel in Django 0.96 allows remote attackers to change passwords of
arbitrary users via a request to admin/auth/user/1/password/. NOTE: this
issue has been disputed by Debian, since product documentation includes a
recommendation for a CSRF protection module that is included with the
product. However, CVE considers this an issue because the default
configuration does not use this module.
Notes
mdeslaurlet's ignore this also
Package
Upstream:ignored
More Information

Updated: 2020-01-29 20:05:49 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)