Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/contao/contao@3.0.0
Typecomposer
Namespacecontao
Namecontao
Version3.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.13.56
Latest_non_vulnerable_version5.6.1
Affected_by_vulnerabilities
0
url VCID-4rrm-u81m-7kdt
vulnerability_id VCID-4rrm-u81m-7kdt
summary 
Direct Request (Forced Browsing)
Contao has Incorrect Access Control.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20028
reference_id
reference_type
scores
0
value 0.0027
scoring_system epss
scoring_elements 0.50677
published_at 2026-06-08T12:55:00Z
1
value 0.0027
scoring_system epss
scoring_elements 0.5066
published_at 2026-06-04T12:55:00Z
2
value 0.0027
scoring_system epss
scoring_elements 0.50722
published_at 2026-06-05T12:55:00Z
3
value 0.0027
scoring_system epss
scoring_elements 0.50727
published_at 2026-06-06T12:55:00Z
4
value 0.0027
scoring_system epss
scoring_elements 0.50707
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20028
1
reference_url https://contao.org/en/news.html
reference_id
reference_type
scores
url https://contao.org/en/news.html
2
reference_url https://contao.org/en/news/security-vulnerability-cve-2018-20028.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/security-vulnerability-cve-2018-20028.html
3
reference_url https://github.com/contao/contao/commit/bbe5fe1d385cd1195670e2d6b972272133443c59
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/bbe5fe1d385cd1195670e2d6b972272133443c59
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20028
reference_id CVE-2018-20028
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-20028
5
reference_url https://github.com/advisories/GHSA-q99w-j4mj-7hj8
reference_id GHSA-q99w-j4mj-7hj8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q99w-j4mj-7hj8
fixed_packages
0
url pkg:composer/contao/contao@3.5.37
purl pkg:composer/contao/contao@3.5.37
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@3.5.37
1
url pkg:composer/contao/contao@4.4.31
purl pkg:composer/contao/contao@4.4.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3fux-z15d-13g1
1
vulnerability VCID-5kwa-7kx3-kfga
2
vulnerability VCID-82d1-8yn8-sydv
3
vulnerability VCID-98fv-kpqs-mybc
4
vulnerability VCID-ah8s-8q49-8qbw
5
vulnerability VCID-rgvt-jwf2-9fbr
6
vulnerability VCID-rj3d-jeyz-vye5
7
vulnerability VCID-t2u3-tgg3-cbb9
8
vulnerability VCID-u6sk-25yd-e7b2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.4.31
2
url pkg:composer/contao/contao@4.6.11
purl pkg:composer/contao/contao@4.6.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3fux-z15d-13g1
1
vulnerability VCID-5kwa-7kx3-kfga
2
vulnerability VCID-82d1-8yn8-sydv
3
vulnerability VCID-98fv-kpqs-mybc
4
vulnerability VCID-ah8s-8q49-8qbw
5
vulnerability VCID-azpb-eq6c-e7bw
6
vulnerability VCID-rgvt-jwf2-9fbr
7
vulnerability VCID-rj3d-jeyz-vye5
8
vulnerability VCID-t2u3-tgg3-cbb9
9
vulnerability VCID-u6sk-25yd-e7b2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.6.11
aliases CVE-2018-20028, GHSA-q99w-j4mj-7hj8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4rrm-u81m-7kdt
1
url VCID-6um8-6hqz-uybm
vulnerability_id VCID-6um8-6hqz-uybm
summary 
SQL injection vulnerability
Both the search filter in the back end and the "listing" module in the front end are vulnerable to SQL injection. To exploit the vulnerability in the back end, a back end user has to be logged in, whereas the front end vulnerability can be exploited by anyone.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16558
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16558
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16558
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52496
published_at 2026-06-08T12:55:00Z
1
value 0.00288
scoring_system epss
scoring_elements 0.52535
published_at 2026-06-05T12:55:00Z
2
value 0.00288
scoring_system epss
scoring_elements 0.52543
published_at 2026-06-06T12:55:00Z
3
value 0.00288
scoring_system epss
scoring_elements 0.52524
published_at 2026-06-07T12:55:00Z
4
value 0.00288
scoring_system epss
scoring_elements 0.52475
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16558
2
reference_url https://contao.org/de/changelog/versions/4.4.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://contao.org/de/changelog/versions/4.4.html
3
reference_url https://contao.org/en/news/contao-4_4_8.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-4_4_8.html
4
reference_url https://github.com/contao/contao/blob/4.4.57/CHANGELOG.md#448-2017-11-15
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/blob/4.4.57/CHANGELOG.md#448-2017-11-15
5
reference_url https://github.com/contao/contao/commit/501cb3cd34d61089b94e7ed78da53977bc71fc3e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/501cb3cd34d61089b94e7ed78da53977bc71fc3e
6
reference_url https://github.com/contao/contao/commit/6b4a2711edf166c85cfd7a53fed6aea56d4f0544
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/6b4a2711edf166c85cfd7a53fed6aea56d4f0544
7
reference_url https://github.com/contao/core-bundle/commit/92598f97b513e0b831dbfd68d471c44c79c425a4
reference_id
reference_type
scores
url https://github.com/contao/core-bundle/commit/92598f97b513e0b831dbfd68d471c44c79c425a4
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-16558.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-16558.yaml
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-16558.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-16558.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/listing-bundle/CVE-2017-16558.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/listing-bundle/CVE-2017-16558.yaml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16558
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16558
12
reference_url https://github.com/advisories/GHSA-w38g-hj45-mjjp
reference_id GHSA-w38g-hj45-mjjp
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w38g-hj45-mjjp
fixed_packages
0
url pkg:composer/contao/contao@4.4.8
purl pkg:composer/contao/contao@4.4.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.4.8
aliases CVE-2017-16558, GHSA-w38g-hj45-mjjp
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6um8-6hqz-uybm
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@3.0.0