A critical remote code execution (RCE) vulnerability affects Django web applications, demonstrating how seemingly benign CSV file upload functionality can be weaponized for complete server compromise.

Summary
1. Django RCE exploit chains directory traversal with CSV parser abuse to compromise servers through file uploads.
2. Attackers use unsanitized username input (../../../../../../app/backend/backend/) to target Django’s wsgi.py file.
3. Malicious […]
The post Django App Vulnerabilities Chained to Execute Arbitrary Code Remotely appeared first on Cyber Security News.