Search for vulnerabilities
Vulnerability details: VCID-fj8d-ydj1-aaab
Vulnerability ID VCID-fj8d-ydj1-aaab
Aliases CVE-2007-5828
Summary ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module.
Status Disputed
Exploitability 0.5
Weighted Severity 6.1
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-352 Cross-Site Request Forgery (CSRF)
System Score Found at
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
epss 0.00232 https://api.first.org/data/v1/epss?cve=CVE-2007-5828
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=379641
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2007-5828
Reference id Reference type URL
http://osvdb.org/45285
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5828.json
https://api.first.org/data/v1/epss?cve=CVE-2007-5828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5828
http://securityreason.com/securityalert/3338
http://www.securityfocus.com/archive/1/482983/100/0/threaded
379641 https://bugzilla.redhat.com/show_bug.cgi?id=379641
cpe:2.3:a:django_project:django:0.96:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:django_project:django:0.96:*:*:*:*:*:*:*
CVE-2007-5828 https://nvd.nist.gov/vuln/detail/CVE-2007-5828
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-5828
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.35686
EPSS Score 0.00174
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-04-16T02:26:26.609602+00:00 NVD CVE Status Improver Improve https://cveawg.mitre.org/api/cve/CVE-2007-5828 36.0.0