Django Message Files Remote Arbitrary Command Execution Vulnerability

Django is prone to a vulnerability that may permit remote execution of arbitrary shell commands because the application fails to properly sanitize user-supplied input before using it in a Python 'os.system()' function call.

Exploiting this issue allows attackers to remotely execute arbitrary shell commands with the privileges of the user running a vulnerable version of the application.

This issue affects version 0.95; other versions may also be affected.
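The pattern described above, shown next to a hardened form, as an added example (this is not Django's code). The external command `msgfmt`, the function names and the sample file names are assumptions made for illustration.

```python
import shlex
import subprocess
from pathlib import Path

COMPILER = "msgfmt"        # assumed external tool; the advisory does not name it
CONTROL = set(";|&()<>")   # characters the shell treats as control operators


def unsafe_command(po_path):
    """Vulnerable pattern: the file name is pasted into a string meant for os.system()."""
    return '%s -o out.mo "%s"' % (COMPILER, po_path)


def shell_tokens(command):
    """Approximate how /bin/sh splits the line, keeping operators as separate tokens.

    This is only an approximation of shell parsing; hand-quoting is not a fix,
    which is why the hardened form below avoids the shell altogether.
    """
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def injected_operators(command):
    """Return control operators that ended up outside the quotes, if any."""
    return [t for t in shell_tokens(command) if t and set(t) <= CONTROL]


def safe_argv(po_path):
    """Hardened form: validate the name, then build an argv list (no shell parsing)."""
    p = Path(po_path)
    if p.suffix != ".po":
        raise ValueError("refusing unexpected message file name: %r" % po_path)
    # "--" ends option parsing, so a name starting with "-" is not read as a flag.
    return [COMPILER, "-o", str(p.with_suffix(".mo")), "--", str(p)]


def compile_messages(po_path):
    """Run the compiler without a shell; the name reaches it as one argument."""
    return subprocess.run(safe_argv(po_path), check=False).returncode


if __name__ == "__main__":
    constructed = 'x.po"; echo INJECTED; "'   # constructed sample file name
    print(shell_tokens(unsafe_command(constructed)))
    print(safe_argv("locale/de/a b;c.po"))
```

The tokenizer output shows the file name closing the quotes and the rest of the line being read as a second command, while the argv form keeps the whole name as a single argument.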


 

Copyright 2010, SecurityFocus