SYM_PY_0175 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
# Improper Input Validation

| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-20: Improper Input Validation |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
## Description

After a Django form has been confirmed valid with `form.is_valid()`, reading user input directly from `request.POST` instead of `form.cleaned_data` bypasses Django's input sanitization. `cleaned_data` holds only the declared fields, already validated, type-converted and normalized by the field and `clean_<field>()` methods; `request.POST` still holds the raw submitted strings, including any parameters the form never declared. Using the raw values lets unsanitized or unexpected data reach the rest of the application.
## Impact

If exploited, attackers could submit data that passes form validation but is then read in its raw, unvalidated form, potentially leading to injection attacks, data corruption, or unexpected application behavior. This undermines the guarantees Django's form layer provides and can compromise the integrity of the application.
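The following is an added illustration of the pattern described above, not code from the vulnerability database. `OrderForm` and `Request` are constructed stand-ins that follow Django's `Form` contract (`is_valid()` populates `cleaned_data` with coerced, normalized values for declared fields only); they are not `django.forms` and need no Django installation.

```python
from types import SimpleNamespace

# Constructed stand-in for django.forms.Form: validates two declared fields and
# ignores everything else, exactly as cleaned_data would.
class OrderForm:
    def __init__(self, data):
        self.data, self.cleaned_data, self.errors = data, {}, {}

    def is_valid(self):
        # quantity: must parse as an int in 1..10; cleaned_data gets the int
        try:
            qty = int(self.data.get("quantity", ""))
            if not 1 <= qty <= 10:
                raise ValueError("quantity out of range")
            self.cleaned_data["quantity"] = qty
        except ValueError as exc:
            self.errors["quantity"] = str(exc)
        # email: normalized (stripped, lower-cased) before it is stored
        email = self.data.get("email", "").strip().lower()
        if "@" not in email:
            self.errors["email"] = "invalid email"
        else:
            self.cleaned_data["email"] = email
        return not self.errors

def vulnerable_view(request):
    form = OrderForm(request.POST)
    if not form.is_valid():
        return {"status": 400}
    # BUG (CWE-20): validation passed, but the raw POST strings are used.
    return {
        "status": 200,
        "total": request.POST["quantity"] * 2,     # "3" * 2 == "33", not 6
        "email": request.POST["email"],            # whitespace and case kept
        "role": request.POST.get("role", "user"),  # parameter the form never validated
    }

def fixed_view(request):
    form = OrderForm(request.POST)
    if not form.is_valid():
        return {"status": 400}
    cd = form.cleaned_data  # declared fields only, already coerced and normalized
    return {"status": 200, "total": cd["quantity"] * 2, "email": cd["email"], "role": "user"}

# Constructed request: valid field values plus an undeclared "role" parameter.
REQUEST = SimpleNamespace(POST={"quantity": "3", "email": " Alice@Example.com ", "role": "admin"})
```

Running both views against `REQUEST` shows the three ways the raw values diverge from `cleaned_data`: wrong type, unnormalized string, and an extra parameter that validation never saw.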