Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/akeneo/pim-community-dev@1.4.14

Type composer

Namespace akeneo

Name pim-community-dev

Version 1.4.14

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.0.119

Latest_non_vulnerable_version 6.0.53

Affected_by_vulnerabilities

url VCID-jt1t-hxm4-eub3

vulnerability_id VCID-jt1t-hxm4-eub3

summary

OS Command Injection
Akeneo PIM is vulnerable to shell injection in the mass edition, resulting in remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000009

reference_id

reference_type

scores

value	0.10457
scoring_system	epss
scoring_elements	0.93379
published_at	2026-06-05T12:55:00Z

value	0.10457
scoring_system	epss
scoring_elements	0.93368
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000009

reference_url

https://github.com/akeneo/pim-community-dev

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/akeneo/pim-community-dev

reference_url

https://github.com/akeneo/pim-community-dev/blob/1.5/CHANGELOG-1.5.md#bug-fixes-2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/akeneo/pim-community-dev/blob/1.5/CHANGELOG-1.5.md#bug-fixes-2

reference_url

https://github.com/akeneo/pim-community-dev/blob/master/CHANGELOG-1.4.md#bug-fixes

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/akeneo/pim-community-dev/blob/master/CHANGELOG-1.4.md#bug-fixes

reference_url

https://github.com/akeneo/pim-community-dev/blob/master/CHANGELOG-1.6.md#bug-fixes-2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/akeneo/pim-community-dev/blob/master/CHANGELOG-1.6.md#bug-fixes-2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000009

reference_id

CVE-2017-1000009

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000009

reference_url

https://github.com/advisories/GHSA-q8cr-xphm-7gfv

reference_id

GHSA-q8cr-xphm-7gfv

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q8cr-xphm-7gfv

fixed_packages

url pkg:composer/akeneo/pim-community-dev@1.4.28

purl pkg:composer/akeneo/pim-community-dev@1.4.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcpy-mxrd-zyfc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/akeneo/pim-community-dev@1.4.28

url pkg:composer/akeneo/pim-community-dev@1.5.15

purl pkg:composer/akeneo/pim-community-dev@1.5.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcpy-mxrd-zyfc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/akeneo/pim-community-dev@1.5.15

url pkg:composer/akeneo/pim-community-dev@1.6.6

purl pkg:composer/akeneo/pim-community-dev@1.6.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wcpy-mxrd-zyfc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/akeneo/pim-community-dev@1.6.6

aliases CVE-2017-1000009, GHSA-q8cr-xphm-7gfv

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jt1t-hxm4-eub3

url VCID-wcpy-mxrd-zyfc

vulnerability_id VCID-wcpy-mxrd-zyfc

summary

Akeneo PIM Community Edition vulnerable to remote php code execution
### Impact
Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image.


### Patches

Akeneo PIM Community Edition after the versions aforementioned provides patched Apache HTTP server configuration file, for docker setup and in documentation sample, to fix this vulnerability.  
Community Edition users must change their Apache HTTP server configuration accordingly to be protected.
The patch for Cloud Based Akeneo PIM Services customers has been applied since 30th October 2022. 

### Workarounds

Replace any reference to `<FilesMatch \.php$>` in your apache httpd configurations with: `<Location "/index.php">`, as shown in https://github.com/akeneo/pim-community-dev/blob/b4d79bb073c8b68ea26ab227c97cc78d86c4cba1/docker/httpd.conf#L39.

<!--
### References
_Are there any links users can visit to find out more?_


### For more information
 If you have any questions or comments about this advisory:
* Open an issue in [example link to repo](http://example.com)
* Email us at [example email address](mailto:example@example.com)
-->

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-46157

reference_id

reference_type

scores

value	0.01321
scoring_system	epss
scoring_elements	0.80224
published_at	2026-06-04T12:55:00Z

value	0.01321
scoring_system	epss
scoring_elements	0.80248
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-46157

reference_url

https://github.com/akeneo/pim-community-dev

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/akeneo/pim-community-dev

reference_url

https://github.com/akeneo/pim-community-dev/blob/b4d79bb073c8b68ea26ab227c97cc78d86c4cba1/docker/httpd.conf#L39

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/akeneo/pim-community-dev/blob/b4d79bb073c8b68ea26ab227c97cc78d86c4cba1/docker/httpd.conf#L39

reference_url

https://github.com/akeneo/pim-community-dev/commit/891a2f70a9a200f199de06fe64d376d03787a81a

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/akeneo/pim-community-dev/commit/891a2f70a9a200f199de06fe64d376d03787a81a

reference_url

https://github.com/akeneo/pim-community-dev/security/advisories/GHSA-w9wc-4xcq-8gr6

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/akeneo/pim-community-dev/security/advisories/GHSA-w9wc-4xcq-8gr6

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-46157

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-46157

reference_url	https://github.com/advisories/GHSA-w9wc-4xcq-8gr6
reference_id	GHSA-w9wc-4xcq-8gr6
reference_type
scores
url	https://github.com/advisories/GHSA-w9wc-4xcq-8gr6

fixed_packages

url	pkg:composer/akeneo/pim-community-dev@5.0.119
purl	pkg:composer/akeneo/pim-community-dev@5.0.119
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/akeneo/pim-community-dev@5.0.119

url	pkg:composer/akeneo/pim-community-dev@6.0.53
purl	pkg:composer/akeneo/pim-community-dev@6.0.53
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/akeneo/pim-community-dev@6.0.53

aliases CVE-2022-46157, GHSA-w9wc-4xcq-8gr6

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wcpy-mxrd-zyfc

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/akeneo/pim-community-dev@1.4.14

Package Instance