Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-fuus-wqhf-s3be
Summary
Improper Control of Generation of Code ('Code Injection')
EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where the product is running by a user with an administrative privilege.
Aliases
0
alias CVE-2023-46845
Fixed_packages
0
url pkg:composer/ec-cube/ec-cube@4.0.6-p1
purl pkg:composer/ec-cube/ec-cube@4.0.6-p1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.6-p1
1
url pkg:composer/ec-cube/ec-cube@4.1.2-p1
purl pkg:composer/ec-cube/ec-cube@4.1.2-p1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1.2-p1
2
url pkg:composer/ec-cube/ec-cube@4.2.3
purl pkg:composer/ec-cube/ec-cube@4.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.3
Affected_packages
0
url pkg:composer/ec-cube/ec-cube@3.0.0
purl pkg:composer/ec-cube/ec-cube@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c6vr-e9zn-cbaz
1
vulnerability VCID-fuus-wqhf-s3be
2
vulnerability VCID-he32-4cf1-akf5
3
vulnerability VCID-mr5c-68tz-nfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.0
1
url pkg:composer/ec-cube/ec-cube@3.0.18
purl pkg:composer/ec-cube/ec-cube@3.0.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuus-wqhf-s3be
1
vulnerability VCID-he32-4cf1-akf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.18
2
url pkg:composer/ec-cube/ec-cube@4.0.0
purl pkg:composer/ec-cube/ec-cube@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f13c-wzhp-cqap
1
vulnerability VCID-fuus-wqhf-s3be
2
vulnerability VCID-he32-4cf1-akf5
3
vulnerability VCID-kgjm-uhbj-gffx
4
vulnerability VCID-mr5c-68tz-nfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.0
3
url pkg:composer/ec-cube/ec-cube@4.0.6
purl pkg:composer/ec-cube/ec-cube@4.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f13c-wzhp-cqap
1
vulnerability VCID-fuus-wqhf-s3be
2
vulnerability VCID-he32-4cf1-akf5
3
vulnerability VCID-kgjm-uhbj-gffx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.6
4
url pkg:composer/ec-cube/ec-cube@4.1.0
purl pkg:composer/ec-cube/ec-cube@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f13c-wzhp-cqap
1
vulnerability VCID-fuus-wqhf-s3be
2
vulnerability VCID-he32-4cf1-akf5
3
vulnerability VCID-kgjm-uhbj-gffx
4
vulnerability VCID-tf8y-9k9g-jbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1.0
5
url pkg:composer/ec-cube/ec-cube@4.1.2
purl pkg:composer/ec-cube/ec-cube@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f13c-wzhp-cqap
1
vulnerability VCID-fuus-wqhf-s3be
2
vulnerability VCID-he32-4cf1-akf5
3
vulnerability VCID-kgjm-uhbj-gffx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1.2
6
url pkg:composer/ec-cube/ec-cube@4.2.0
purl pkg:composer/ec-cube/ec-cube@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f13c-wzhp-cqap
1
vulnerability VCID-fuus-wqhf-s3be
2
vulnerability VCID-he32-4cf1-akf5
3
vulnerability VCID-kgjm-uhbj-gffx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.0
References
0
reference_url https://jvn.jp/en/jp/JVN29195731/
reference_id
reference_type
scores
url https://jvn.jp/en/jp/JVN29195731/
1
reference_url https://www.ec-cube.net/info/weakness/20231026/index_3.php
reference_id
reference_type
scores
url https://www.ec-cube.net/info/weakness/20231026/index_3.php
2
reference_url https://www.ec-cube.net/info/weakness/20231026/index_40.php
reference_id
reference_type
scores
url https://www.ec-cube.net/info/weakness/20231026/index_40.php
3
reference_url https://www.ec-cube.net/info/weakness/20231026/index.php
reference_id
reference_type
scores
url https://www.ec-cube.net/info/weakness/20231026/index.php
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46845
reference_id CVE-2023-46845
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-46845
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 94
name Improper Control of Generation of Code ('Code Injection')
description The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-fuus-wqhf-s3be