Property
Language: python
Severity: medium
CWE: CWE-20: Improper Input Validation
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

After confirming that a Django form is valid (form.is_valid() returned True), reading user input directly from request.POST instead of form.cleaned_data bypasses the cleaning that Django's form validation performs. The raw submitted strings, rather than the validated and normalised values, are then processed by your application.

Impact

If exploited, attackers could submit malicious data that passes validation but is still accessed unsafely, potentially leading to security issues such as injection attacks, data corruption, or unexpected application behavior. This undermines Django’s form security and can compromise the integrity of your application.