Lookup for vulnerable packages by Package URL.

Purl pkg:composer/badaso/core@2.4.14
Type composer
Namespace badaso
Name core
Version 2.4.14
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.9.12
Latest_non_vulnerable_version 2.9.12
Affected_by_vulnerabilities
0
url VCID-19n6-8ndj-cbeg
vulnerability_id VCID-19n6-8ndj-cbeg
summary An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the server executes the PHP payload, enabling an attacker to run arbitrary system commands and achieve full compromise of the underlying host. This has been demonstrated by embedding a backdoor within a PDF and renaming it with a .php extension.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-52353
reference_id
reference_type
scores
0
value 0.00438
scoring_system epss
scoring_elements 0.63541
published_at 2026-06-11T12:55:00Z
1
value 0.00588
scoring_system epss
scoring_elements 0.69713
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-52353
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-52353
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-52353
2
reference_url https://github.com/uasoft-indonesia/badaso
reference_id badaso
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-27T14:02:22Z/
url https://github.com/uasoft-indonesia/badaso
3
reference_url https://github.com/advisories/GHSA-gqp9-jh35-439m
reference_id GHSA-gqp9-jh35-439m
reference_type
scores
url https://github.com/advisories/GHSA-gqp9-jh35-439m
4
reference_url https://medium.com/@pat.sanitjairak/remote-code-execution-in-a-plain-view-0f86f183543d
reference_id remote-code-execution-in-a-plain-view-0f86f183543d
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-27T14:02:22Z/
url https://medium.com/@pat.sanitjairak/remote-code-execution-in-a-plain-view-0f86f183543d
fixed_packages
0
url pkg:composer/badaso/core@2.9.12
purl pkg:composer/badaso/core@2.9.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/badaso/core@2.9.12
aliases CVE-2025-52353, GHSA-gqp9-jh35-439m
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-19n6-8ndj-cbeg
1
url VCID-aduh-1gve-mfbk
vulnerability_id VCID-aduh-1gve-mfbk
summary Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41705
reference_id
reference_type
scores
0
value 0.1183
scoring_system epss
scoring_elements 0.93901
published_at 2026-06-12T12:55:00Z
1
value 0.1183
scoring_system epss
scoring_elements 0.93881
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41705
1
reference_url https://fluidattacks.com/advisories/headhunterz
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://fluidattacks.com/advisories/headhunterz
2
reference_url https://github.com/uasoft-indonesia/badaso/issues/818
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/uasoft-indonesia/badaso/issues/818
3
reference_url https://github.com/uasoft-indonesia/badaso/
reference_id badaso
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-29T14:51:35Z/
url https://github.com/uasoft-indonesia/badaso/
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41705
reference_id CVE-2022-41705
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41705
5
reference_url https://github.com/advisories/GHSA-g389-rf5p-fg56
reference_id GHSA-g389-rf5p-fg56
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g389-rf5p-fg56
6
reference_url https://fluidattacks.com/advisories/headhunterz/
reference_id headhunterz
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-29T14:51:35Z/
url https://fluidattacks.com/advisories/headhunterz/
fixed_packages
0
url pkg:composer/badaso/core@2.7.0
purl pkg:composer/badaso/core@2.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19n6-8ndj-cbeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/badaso/core@2.7.0
aliases CVE-2022-41705, GHSA-g389-rf5p-fg56
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aduh-1gve-mfbk
2
url VCID-zw5m-qryp-97eq
vulnerability_id VCID-zw5m-qryp-97eq
summary Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41711
reference_id
reference_type
scores
0
value 0.09998
scoring_system epss
scoring_elements 0.93239
published_at 2026-06-12T12:55:00Z
1
value 0.09998
scoring_system epss
scoring_elements 0.93217
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41711
1
reference_url https://fluidattacks.com/advisories/harlow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://fluidattacks.com/advisories/harlow
2
reference_url https://github.com/uasoft-indonesia/badaso/commit/22250eca7c364d991ce9e0a723941eae4889d6f9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/uasoft-indonesia/badaso/commit/22250eca7c364d991ce9e0a723941eae4889d6f9
3
reference_url https://github.com/uasoft-indonesia/badaso/issues/802
reference_id 802
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-07T19:32:24Z/
url https://github.com/uasoft-indonesia/badaso/issues/802
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41711
reference_id CVE-2022-41711
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41711
5
reference_url https://github.com/advisories/GHSA-fwvc-9xhj-26v5
reference_id GHSA-fwvc-9xhj-26v5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fwvc-9xhj-26v5
6
reference_url https://fluidattacks.com/advisories/harlow/
reference_id harlow
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-07T19:32:24Z/
url https://fluidattacks.com/advisories/harlow/
fixed_packages
0
url pkg:composer/badaso/core@2.6.1
purl pkg:composer/badaso/core@2.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19n6-8ndj-cbeg
1
vulnerability VCID-aduh-1gve-mfbk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/badaso/core@2.6.1
aliases CVE-2022-41711, GHSA-fwvc-9xhj-26v5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zw5m-qryp-97eq
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/badaso/core@2.4.14