PT-2008-5242 · Django · Django

Steve Milner

·

Published

2008-09-04

·

Updated

2022-05-02

·

CVE-2008-3909

CVSS v4.0

8.7

High

Vector AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Django versions 0.91 through 0.96
Description: The administration application in Django stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, allowing remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.
Recommendations: Upgrade to a release in which the administration application no longer stores and replays pre-login POST data. The Django project shipped the fix as 0.91.3, 0.95.4 and 0.96.3, and Django 1.0 and later are not affected; DSA-1640-1, listed below, covers the Debian packages. Where an upgrade cannot be done immediately, disable the administration application, or restrict it to trusted networks and accounts, and do not use it for sensitive operations. Because the attack needs the victim's browser to submit a forged POST to the admin and the victim to then complete the login form that the admin presents, administrators should reach the admin only by navigating to its URL directly, and should treat a login prompt that appears after following an external link as suspect.
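Worked example, added here and not taken from Django or from this advisory: a small Python model of the flawed login flow the description above refers to, beside a hardened variant that implements the recommendations. The Request class, the two admin classes, the /admin/delete/ route, the field and credential values and the session handling are all constructed for illustration; the real admin carried the parked POST data in hidden fields of the login form, which this model simplifies to a session entry, and the token check in the hardened class is the general CSRF defence rather than the specific fix for this CVE.

```python
import secrets
from dataclasses import dataclass, field

ADMIN_USER, ADMIN_PASS = "admin", "correct horse battery staple"  # constructed


@dataclass
class Request:
    """Parsed request; `session` stands in for the server-side session bound to
    the browser's cookie (an assumption of this model, not a Django object)."""
    method: str
    path: str
    form: dict = field(default_factory=dict)     # decoded POST body
    session: dict = field(default_factory=dict)


def dispatch(store: dict, method: str, path: str, form: dict) -> str:
    """The protected admin view: deletes a record on a confirmed POST."""
    if path.startswith("/admin/delete/") and method == "POST" and form.get("post") == "yes":
        store.pop(path.rsplit("/", 1)[1], None)
        return "deleted"
    return "ok"


def login_ok(form: dict) -> bool:
    return (form.get("username"), form.get("password")) == (ADMIN_USER, ADMIN_PASS)


class VulnerableAdmin:
    """Models the 0.9x flaw: an unauthenticated POST is parked (in the real admin,
    as hidden fields of the login form; here, on the session) and re-submitted
    once the user logs in."""

    def __init__(self, store: dict):
        self.store = store

    def handle(self, req: Request) -> str:
        if req.session.get("user") is None:
            if not req.form.get("this_is_the_login_form"):
                req.session["parked"] = (req.method, req.path, dict(req.form))
                return "login-form"
            if not login_ok(req.form):
                return "login-failed"
            req.session["user"] = ADMIN_USER
            parked = req.session.pop("parked", None)
            if parked is not None:
                # The bug: the pre-login POST runs as if the now-authenticated
                # user had intentionally submitted it.
                return dispatch(self.store, *parked)
            return "logged-in"
        return dispatch(self.store, req.method, req.path, req.form)


class HardenedAdmin:
    """Discards the pre-login body, sends the browser on with a GET after login,
    and requires a per-session token on every state-changing POST (the token is
    the general CSRF defence, beyond the replay fix itself)."""

    def __init__(self, store: dict):
        self.store = store

    @staticmethod
    def csrf_token(session: dict) -> str:
        return session.setdefault("csrf", secrets.token_hex(16))

    def handle(self, req: Request) -> str:
        if req.session.get("user") is None:
            if not req.form.get("this_is_the_login_form"):
                return "login-form"                  # original POST body dropped
            if not login_ok(req.form):
                return "login-failed"
            req.session["user"] = ADMIN_USER
            return "redirect:" + req.path            # followed with GET, no body
        if req.method == "POST":
            sent = req.form.get("csrfmiddlewaretoken", "")
            if not secrets.compare_digest(sent, self.csrf_token(req.session)):
                return "403"
        return dispatch(self.store, req.method, req.path, req.form)


def run_attack(admin_cls) -> bool:
    """Play the scenario from the description; True if the forged delete ran."""
    store = {"42": "important row"}
    admin, session, path = admin_cls(store), {}, "/admin/delete/42"
    # 1. A page under attacker control auto-submits a confirmed delete from the
    #    victim's logged-out browser.
    admin.handle(Request("POST", path, {"post": "yes"}, session))
    # 2. The victim sees the admin login form that comes back and signs in.
    login = {"this_is_the_login_form": "1", "username": ADMIN_USER, "password": ADMIN_PASS}
    result = admin.handle(Request("POST", path, login, session))
    if result.startswith("redirect:"):
        admin.handle(Request("GET", result[len("redirect:"):], {}, session))
    return "42" not in store


def logged_in_requests() -> tuple:
    """Hardened app, admin already logged in: no token -> 403, token -> deleted."""
    store, session = {"7": "row"}, {"user": ADMIN_USER}
    admin = HardenedAdmin(store)
    forged = admin.handle(Request("POST", "/admin/delete/7", {"post": "yes"}, session))
    form = {"post": "yes", "csrfmiddlewaretoken": HardenedAdmin.csrf_token(session)}
    return forged, admin.handle(Request("POST", "/admin/delete/7", form, session))
```

run_attack(VulnerableAdmin) returns True because the parked delete is executed the moment the victim's login succeeds, while run_attack(HardenedAdmin) returns False: nothing was stored, and the post-login redirect arrives as a bodiless GET that the delete view ignores. logged_in_requests() shows the remaining exposure once an administrator is already signed in, which the per-session token closes: the forged POST gets a 403 and only the request carrying the session's token is honoured.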

Weakness Enumeration

CSRF

Related Identifiers

CVE-2008-3909
DSA-1640-1
GHSA-R5CJ-WV24-92P5
PYSEC-2008-2

Affected Products

Django