VYPR
Medium severity5.5NVD Advisory· Published Feb 8, 2016· Updated Jun 17, 2026

CVE-2016-2048

CVE-2016-2048

Description

Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
DjangoPyPI
>= 1.9, < 1.9.21.9.2

Affected products

3
  • cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 1.9, < 1.9.2

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.