CVE-2019-11457: Cross-Site Request Forgery in MicroPyramid Django CRM

CVSS Score: 8.8 (CVSS 3.0)

Basic Information

EPSS Score: 0.59845%
Published: 9/11/2019
Updated: 9/16/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
django-crm | pip | <= 0.2.1 | (none listed)

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability report lists multiple endpoints that accept cross-site requests. In a Django application each of these URL paths maps directly to one view function, and the listed views perform state-changing operations (an admin-driven password change; creation of cases, comments, documents and opportunities; login), so they must handle POST. Django's CSRF defence is django.middleware.csrf.CsrfViewMiddleware, which rejects any unsafe-method request whose CSRF token does not match the session's. A view therefore accepts forged POSTs only if that middleware is absent from MIDDLEWARE and the view is not wrapped in @csrf_protect, or if the view has been opted out with @csrf_exempt. Confidence in this root cause is high because:
1) Django's URL-to-view mapping is direct, so each listed path identifies one view.
2) The operations involved (password changes, content creation) require POST, the method the CSRF check governs.
3) The CVE description confirms the CSRF protections are missing.
4) The project follows the typical Django project layout.
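As an added example (not code from this page or from the Django CRM project), the following standard-library Python script checks a Django code base for the two failure modes named above: a view opted out with @csrf_exempt, and CsrfViewMiddleware missing from MIDDLEWARE. The views and settings modules it scans are constructed inline; the view names only echo URL paths from the CVE description and are an assumption, not the project's real function names.

```python
"""Static audit for the two Django CSRF failure modes described above: views opted
out with @csrf_exempt, and CsrfViewMiddleware missing from MIDDLEWARE.
Pure standard library (ast); it reads source text and never imports Django."""
import ast

CSRF_MIDDLEWARE = "django.middleware.csrf.CsrfViewMiddleware"

# Constructed sample views.py. Function names only echo URL paths from the CVE
# description; they are NOT the real Django CRM view names (assumption).
SAMPLE_VIEWS = '''
from django.views.decorators.csrf import csrf_exempt, csrf_protect
from django.views.decorators.http import require_POST

@csrf_exempt                 # vulnerable: opts this POST handler out of the check
@require_POST
def change_password_by_admin(request):
    ...

@csrf_protect                # hardened: checked even if the middleware is absent
@require_POST
def create_case(request):
    ...

def login_view(request):     # safe only when CsrfViewMiddleware is installed
    ...
'''

# Constructed sample settings.py: weak form (middleware commented out) and
# the corrected form derived from it.
SAMPLE_SETTINGS_BAD = '''
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    # "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
]
'''
SAMPLE_SETTINGS_GOOD = SAMPLE_SETTINGS_BAD.replace(
    '# "django.middleware.csrf', '"django.middleware.csrf')


def _decorator_names(func):
    """Bare names of a function's decorators; handles name, module.name and
    decorator factories such as require_http_methods([...])."""
    names = []
    for dec in func.decorator_list:
        node = dec.func if isinstance(dec, ast.Call) else dec
        if isinstance(node, ast.Name):
            names.append(node.id)
        elif isinstance(node, ast.Attribute):
            names.append(node.attr)
    return names


def view_decorators(views_source):
    """[(function name, [decorator names])] for every function in a views module."""
    tree = ast.parse(views_source)
    return [(n.name, _decorator_names(n))
            for n in ast.walk(tree)
            if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))]


def find_csrf_exempt_views(views_source):
    """Names of views explicitly opted out of Django's CSRF check."""
    return [name for name, decs in view_decorators(views_source) if "csrf_exempt" in decs]


def middleware_list(settings_source):
    """String entries of the MIDDLEWARE (or legacy MIDDLEWARE_CLASSES) literal."""
    tree = ast.parse(settings_source)
    for node in tree.body:
        if not isinstance(node, ast.Assign):
            continue
        targets = {t.id for t in node.targets if isinstance(t, ast.Name)}
        if targets & {"MIDDLEWARE", "MIDDLEWARE_CLASSES"} and isinstance(node.value, (ast.List, ast.Tuple)):
            return [ast.literal_eval(e) for e in node.value.elts if isinstance(e, ast.Constant)]
    return []


def has_csrf_middleware(settings_source):
    return CSRF_MIDDLEWARE in middleware_list(settings_source)


def audit(views_source, settings_source):
    """Findings as strings; an empty list means neither failure mode was seen."""
    findings = []
    middleware_ok = has_csrf_middleware(settings_source)
    if not middleware_ok:
        findings.append(f"settings: {CSRF_MIDDLEWARE} is not in MIDDLEWARE")
    for name, decs in view_decorators(views_source):
        if "csrf_exempt" in decs:
            findings.append(f"view {name}: @csrf_exempt, cross-site POST is accepted")
        elif not middleware_ok and "csrf_protect" not in decs:
            findings.append(f"view {name}: no middleware and no @csrf_protect")
    return findings


if __name__ == "__main__":
    for label, settings in (("weak settings", SAMPLE_SETTINGS_BAD),
                            ("fixed settings", SAMPLE_SETTINGS_GOOD)):
        print(f"== {label} ==")
        for finding in audit(SAMPLE_VIEWS, settings):
            print("  " + finding)
```

Run as a script it prints the findings for the weak settings (missing middleware, the exempt view, and login_view left with no check at all) and for the fixed settings (only the @csrf_exempt view remains). It is a source-level check: a view exempted in urls.py via csrf_exempt(view), or a class-based view whose dispatch is exempted, would not be caught, and since an unprotected view is only reachable through the middleware/@csrf_protect path, the audit reports views without @csrf_protect only when the middleware is absent.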

WAF Protection Rules

WAF Rule

Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.
