Lookup for vulnerable packages by Package URL.

Purl pkg:composer/contao/core@4.3.0
Type composer
Namespace contao
Name core
Version 4.3.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.11.4
Latest_non_vulnerable_version 3.5.39
Affected_by_vulnerabilities
0
url VCID-crsc-bhc9-y3f9
vulnerability_id VCID-crsc-bhc9-y3f9
summary
PHP file inclusion vulnerability in the back end
A logged-in back end user can include arbitrary PHP files by manipulating a URL parameter. Since Contao does not allow PHP files to be uploaded in the file manager, the attack is limited to the existing PHP files on the server.
references
0
reference_url https://contao.org/en/news/contao-3_5_28.html
reference_id
reference_type
scores
url https://contao.org/en/news/contao-3_5_28.html
1
reference_url https://contao.org/en/news/contao-4_4_1.html
reference_id
reference_type
scores
url https://contao.org/en/news/contao-4_4_1.html
2
reference_url https://github.com/contao/core-bundle/commit/2a85914f4ba858780ffbac38a468acb7028772c7
reference_id
reference_type
scores
url https://github.com/contao/core-bundle/commit/2a85914f4ba858780ffbac38a468acb7028772c7
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-10993
reference_id CVE-2017-10993
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-10993
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-10993.yaml
reference_id CVE-2017-10993.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-10993.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-10993.yaml
reference_id CVE-2017-10993.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-10993.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2017-10993.yaml
reference_id CVE-2017-10993.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2017-10993.yaml
7
reference_url https://github.com/advisories/GHSA-x5g4-crxq-qxjx
reference_id GHSA-x5g4-crxq-qxjx
reference_type
scores
url https://github.com/advisories/GHSA-x5g4-crxq-qxjx
fixed_packages
aliases CVE-2017-10993, GHSA-x5g4-crxq-qxjx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-crsc-bhc9-y3f9
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@4.3.0