CVE-2008-3909

N/A Unknown
Published: September 04, 2008 Modified: April 16, 2026

Description

The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.

References to Advisories, Solutions, and Tools

http://osvdb.org/47906
Source: cve@mitre.org
Broken Link
http://secunia.com/advisories/31837
Source: cve@mitre.org
Not Applicable
http://secunia.com/advisories/31961
Source: cve@mitre.org
Not Applicable
http://www.debian.org/security/2008/dsa-1640
Source: cve@mitre.org
Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/09/03/4
Source: cve@mitre.org
Mailing List Third Party Advisory
http://www.vupen.com/english/advisories/2008/2533
Source: cve@mitre.org
Not Applicable
https://bugzilla.redhat.com/show_bug.cgi?id=460966
Source: cve@mitre.org
Issue Tracking Third Party Advisory
http://osvdb.org/47906
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/31837
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://secunia.com/advisories/31961
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://www.debian.org/security/2008/dsa-1640
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.djangoproject.com/weblog/2008/sep/02/security/
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.openwall.com/lists/oss-security/2008/09/03/4
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.vupen.com/english/advisories/2008/2533
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
https://bugzilla.redhat.com/show_bug.cgi?id=460966
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Third Party Advisory

20 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.4%
60th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

djangoproject