A remote attacker is able to bypass certain access restrictions that, depending on used django modules, is possibly leading to cross-site scripting or arbitrary SQL execution. Furthermore a remote attacker with network access to the database server is able to bypass the authentication.