id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
5879	Session riding vulnerability in the admin app	roland.illig@…	nobody	"Everything that is needed to submit an HTML form like on http://127.0.0.1:8000/admin/*/*/add/ can be guessed by an attacker. Therefore, the necessary data may be included in an external web page, and as soon as an already logged-in admin visits that page, the attacker can add things to the database.

http://en.wikipedia.org/wiki/XSRF

Roland
"		closed	contrib.admin	newforms-admin		wontfix			Accepted	0	0	0	0	0	0
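The attack the ticket describes, modelled end to end as an added example (this is not code from the ticket or from Django): an attacker-hosted page whose form auto-submits to the admin "add" URL, a cookie-authenticated view that accepts it because the browser attaches the victim's session cookie, and the same view guarded by a per-session synchronizer token that the external page cannot read or guess. The session store, the `Request` type, the view names, the `csrf_token` field name and the URL are all assumptions made for the illustration.

```python
"""Session riding (CSRF) against a cookie-authenticated admin form.

Added illustration, not Django's code. Models a minimal POST handler
that authenticates by session cookie only (the reported weakness) next
to a variant that also demands a secret token bound to the session and
rendered only into pages the real site serves.
"""
import hmac
import secrets
from dataclasses import dataclass

# Constructed server-side state: session id -> user and per-session CSRF token.
SESSIONS = {"sid-1234": {"user": "admin", "csrf_token": secrets.token_hex(16)}}
DATABASE = []  # rows "added" through the admin form


@dataclass
class Request:
    """Assumed minimal request: cookies the browser sent, parsed POST body."""
    cookies: dict
    post: dict


def session_for(request):
    """Look the session up by the cookie; the browser sends it on cross-site POSTs too."""
    return SESSIONS.get(request.cookies.get("sessionid"))


def vulnerable_add_view(request):
    """Trusts any POST that rides on a valid session cookie (the bug in the ticket)."""
    session = session_for(request)
    if session is None:
        return 302  # not logged in: redirect to login
    DATABASE.append({"name": request.post["name"], "by": session["user"]})
    return 200


def protected_add_view(request):
    """Same view with a synchronizer token: the POST must echo the session's secret."""
    session = session_for(request)
    if session is None:
        return 302
    submitted = request.post.get("csrf_token", "")
    # Constant-time compare; an empty or guessed token is rejected before any write.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403
    DATABASE.append({"name": request.post["name"], "by": session["user"]})
    return 200


def attacker_page(target_url):
    """Constructed HTML the attacker hosts: every field of the admin form is guessable,
    so the page can build the whole form and submit it as soon as the victim loads it."""
    return (
        f'<form id="f" method="post" action="{target_url}">\n'
        '  <input type="hidden" name="name" value="attacker-controlled">\n'
        "</form>\n"
        '<script>document.getElementById("f").submit()</script>'
    )


def simulate_cross_site_post(view):
    """Logged-in admin visits the attacker page: the forged POST carries the session
    cookie automatically but cannot contain the token, which only the real page holds."""
    forged = Request(cookies={"sessionid": "sid-1234"},
                     post={"name": "attacker-controlled"})
    return view(forged)


def simulate_legit_post(view):
    """Admin submits the genuine form, rendered by the site with the session's token."""
    legit = Request(cookies={"sessionid": "sid-1234"},
                    post={"name": "real", "csrf_token": SESSIONS["sid-1234"]["csrf_token"]})
    return view(legit)


if __name__ == "__main__":
    print(attacker_page("http://127.0.0.1:8000/admin/app/model/add/"))
    print("vulnerable view, forged POST:", simulate_cross_site_post(vulnerable_add_view))
    print("protected view, forged POST: ", simulate_cross_site_post(protected_add_view))
    print("protected view, real POST:   ", simulate_legit_post(protected_add_view))
```

The token check works because the same-origin policy stops the attacker's page from reading the token out of the admin's own pages, while the browser still attaches the session cookie to the forged request; checking `Referer` alone is weaker, since clients and proxies may strip it.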
