Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-m4fg-r5yx-dfhb
Summary
ADOdb SQL injection vulnerability
The ADOdb Library for PHP prior to version 5.20.11 is prone to SQL Injection vulnerability in multiple drivers.
Aliases
0
alias GHSA-h63c-xvpf-264j
Fixed_packages
0
url pkg:composer/adodb/adodb-php@5.20.11
purl pkg:composer/adodb/adodb-php@5.20.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-73nz-mq75-pbhu
1
vulnerability VCID-uz7x-nkta-xkez
2
vulnerability VCID-wyd8-1reg-23h2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.11
Affected_packages
0
url pkg:composer/adodb/adodb-php@5.19
purl pkg:composer/adodb/adodb-php@5.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-73nz-mq75-pbhu
1
vulnerability VCID-kj73-kd5z-wqen
2
vulnerability VCID-m4fg-r5yx-dfhb
3
vulnerability VCID-r9hg-ac9m-vbed
4
vulnerability VCID-u92u-ykxt-subq
5
vulnerability VCID-uz7x-nkta-xkez
6
vulnerability VCID-wyd8-1reg-23h2
7
vulnerability VCID-xvtj-eay9-m3er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.19
1
url pkg:composer/adodb/adodb-php@5.20.0
purl pkg:composer/adodb/adodb-php@5.20.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-73nz-mq75-pbhu
1
vulnerability VCID-kj73-kd5z-wqen
2
vulnerability VCID-m4fg-r5yx-dfhb
3
vulnerability VCID-r9hg-ac9m-vbed
4
vulnerability VCID-u92u-ykxt-subq
5
vulnerability VCID-uz7x-nkta-xkez
6
vulnerability VCID-wyd8-1reg-23h2
7
vulnerability VCID-xvtj-eay9-m3er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.0
2
url pkg:composer/adodb/adodb-php@5.20.1
purl pkg:composer/adodb/adodb-php@5.20.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-73nz-mq75-pbhu
1
vulnerability VCID-kj73-kd5z-wqen
2
vulnerability VCID-m4fg-r5yx-dfhb
3
vulnerability VCID-r9hg-ac9m-vbed
4
vulnerability VCID-u92u-ykxt-subq
5
vulnerability VCID-uz7x-nkta-xkez
6
vulnerability VCID-wyd8-1reg-23h2
7
vulnerability VCID-xvtj-eay9-m3er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.1
3
url pkg:composer/adodb/adodb-php@5.20.2
purl pkg:composer/adodb/adodb-php@5.20.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-73nz-mq75-pbhu
1
vulnerability VCID-kj73-kd5z-wqen
2
vulnerability VCID-m4fg-r5yx-dfhb
3
vulnerability VCID-r9hg-ac9m-vbed
4
vulnerability VCID-u92u-ykxt-subq
5
vulnerability VCID-uz7x-nkta-xkez
6
vulnerability VCID-wyd8-1reg-23h2
7
vulnerability VCID-xvtj-eay9-m3er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.2
4
url pkg:composer/adodb/adodb-php@5.20.3
purl pkg:composer/adodb/adodb-php@5.20.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-73nz-mq75-pbhu
1
vulnerability VCID-kj73-kd5z-wqen
2
vulnerability VCID-m4fg-r5yx-dfhb
3
vulnerability VCID-r9hg-ac9m-vbed
4
vulnerability VCID-u92u-ykxt-subq
5
vulnerability VCID-uz7x-nkta-xkez
6
vulnerability VCID-wyd8-1reg-23h2
7
vulnerability VCID-xvtj-eay9-m3er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.3
5
url pkg:composer/adodb/adodb-php@5.20.4
purl pkg:composer/adodb/adodb-php@5.20.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-73nz-mq75-pbhu
1
vulnerability VCID-kj73-kd5z-wqen
2
vulnerability VCID-m4fg-r5yx-dfhb
3
vulnerability VCID-r9hg-ac9m-vbed
4
vulnerability VCID-u92u-ykxt-subq
5
vulnerability VCID-uz7x-nkta-xkez
6
vulnerability VCID-wyd8-1reg-23h2
7
vulnerability VCID-xvtj-eay9-m3er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.4
6
url pkg:composer/adodb/adodb-php@5.20.5
purl pkg:composer/adodb/adodb-php@5.20.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-73nz-mq75-pbhu
1
vulnerability VCID-kj73-kd5z-wqen
2
vulnerability VCID-m4fg-r5yx-dfhb
3
vulnerability VCID-r9hg-ac9m-vbed
4
vulnerability VCID-u92u-ykxt-subq
5
vulnerability VCID-uz7x-nkta-xkez
6
vulnerability VCID-wyd8-1reg-23h2
7
vulnerability VCID-xvtj-eay9-m3er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.5
7
url pkg:composer/adodb/adodb-php@5.20.6
purl pkg:composer/adodb/adodb-php@5.20.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-73nz-mq75-pbhu
1
vulnerability VCID-kj73-kd5z-wqen
2
vulnerability VCID-m4fg-r5yx-dfhb
3
vulnerability VCID-u92u-ykxt-subq
4
vulnerability VCID-uz7x-nkta-xkez
5
vulnerability VCID-wyd8-1reg-23h2
6
vulnerability VCID-xvtj-eay9-m3er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.6
8
url pkg:composer/adodb/adodb-php@5.20.7
purl pkg:composer/adodb/adodb-php@5.20.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-73nz-mq75-pbhu
1
vulnerability VCID-kj73-kd5z-wqen
2
vulnerability VCID-m4fg-r5yx-dfhb
3
vulnerability VCID-u92u-ykxt-subq
4
vulnerability VCID-uz7x-nkta-xkez
5
vulnerability VCID-wyd8-1reg-23h2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.7
9
url pkg:composer/adodb/adodb-php@5.20.8
purl pkg:composer/adodb/adodb-php@5.20.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-73nz-mq75-pbhu
1
vulnerability VCID-kj73-kd5z-wqen
2
vulnerability VCID-m4fg-r5yx-dfhb
3
vulnerability VCID-u92u-ykxt-subq
4
vulnerability VCID-uz7x-nkta-xkez
5
vulnerability VCID-wyd8-1reg-23h2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.8
10
url pkg:composer/adodb/adodb-php@5.20.9
purl pkg:composer/adodb/adodb-php@5.20.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-73nz-mq75-pbhu
1
vulnerability VCID-kj73-kd5z-wqen
2
vulnerability VCID-m4fg-r5yx-dfhb
3
vulnerability VCID-u92u-ykxt-subq
4
vulnerability VCID-uz7x-nkta-xkez
5
vulnerability VCID-wyd8-1reg-23h2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.9
11
url pkg:composer/adodb/adodb-php@5.20.10
purl pkg:composer/adodb/adodb-php@5.20.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-73nz-mq75-pbhu
1
vulnerability VCID-m4fg-r5yx-dfhb
2
vulnerability VCID-uz7x-nkta-xkez
3
vulnerability VCID-wyd8-1reg-23h2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.10
References
0
reference_url https://github.com/ADOdb/ADOdb/pull/311
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ADOdb/ADOdb/pull/311
1
reference_url https://github.com/ADOdb/ADOdb/pull/401
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ADOdb/ADOdb/pull/401
2
reference_url https://github.com/dregad/ADOdb/commit/34788ce8c1d08500631f55764cc2247b9c7cfd2b
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dregad/ADOdb/commit/34788ce8c1d08500631f55764cc2247b9c7cfd2b
3
reference_url https://github.com/dregad/ADOdb/commit/d29c23f2264ec95c6d3851e0f51ce240b2f36b74
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dregad/ADOdb/commit/d29c23f2264ec95c6d3851e0f51ce240b2f36b74
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/adodb/adodb-php/2018-03-06.yaml
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/adodb/adodb-php/2018-03-06.yaml
5
reference_url https://github.com/advisories/GHSA-h63c-xvpf-264j
reference_id GHSA-h63c-xvpf-264j
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h63c-xvpf-264j
Weaknesses
0
cwe_id 89
name Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
description The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score9.0 - 10.0
Exploitability0.5
Weighted_severity9.0
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-m4fg-r5yx-dfhb