Django 'django.contrib.admin' Querystring Information Disclosure Vulnerability

Django is prone to an information-disclosure vulnerability because it fails to sufficiently restrict an administrative user's access to sensitive information via querystrings.

Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.

Versions prior to Django 1.2.4, 1.1.3, and 1.3 beta 1 are vulnerable.
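A check of a Django version against the fixed releases listed above, as an added example that is not part of the original advisory or of Django itself. It assumes the `(major, minor, micro, releaselevel, serial)` layout of `django.VERSION`, and it assumes that release branches older than 1.1 count as affected because the advisory names no fix for them. The helper names are hypothetical.

```python
# Added example: branch-aware check of a Django VERSION tuple against the
# fixed releases named in the advisory (1.1.3, 1.2.4, 1.3 beta 1).

# Ordering of Django release levels within one x.y.z version.
_LEVELS = {"alpha": 0, "beta": 1, "rc": 2, "final": 3}

# First fixed release per branch, taken from the advisory text.
_FIXED = {
    (1, 1): (1, 1, 3, "final", 0),
    (1, 2): (1, 2, 4, "final", 0),
    (1, 3): (1, 3, 0, "beta", 1),
}


def _key(version):
    """Turn (major, minor, micro, level, serial) into a sortable tuple."""
    major, minor, micro, level, serial = version
    return (major, minor, micro, _LEVELS[level], serial)


def is_affected(version):
    """Return True if this Django VERSION tuple predates the fix on its branch."""
    branch = tuple(version[:2])
    if branch in _FIXED:
        # Compare only against the fix for the same branch: a plain
        # "version < 1.2.4" test would wrongly flag the fixed 1.1.3.
        return _key(version) < _key(_FIXED[branch])
    # Assumption: branches older than 1.1 have no fixed release, and
    # branches newer than 1.3 already contain the fix.
    return branch < (1, 1)


def installed_django_affected():
    """Check the Django importable in this environment; None if not installed."""
    try:
        import django
    except ImportError:
        return None
    return is_affected(django.VERSION)


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real inventory.
    for v in [(1, 1, 2, "final", 0), (1, 1, 3, "final", 0),
              (1, 2, 3, "final", 0), (1, 3, 0, "alpha", 1),
              (1, 3, 0, "beta", 1), (1, 0, 4, "final", 0)]:
        print(v, "affected" if is_affected(v) else "not affected")
    print("installed:", installed_django_affected())
```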


 

Copyright 2010, SecurityFocus