Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Django Improper Access Control Vulnerability - CVE-2016-2048 - Vulnerability Database
Django

Django Improper Access Control Vulnerability - CVE-2016-2048

Medium
Reference: CVE-2016-2048
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-2048
Title: Django Improper Access Control Vulnerability
Overview:

Django 1.9.x before 1.9.2 when ModelAdmin.save_as is set to True allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the quotSave as Newquot option when editing objects and leveraging the quotchangequot permission.