Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-chzt-bg92-b3ce

Summary

An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit the vulnerability to execute unauthorized code or commands.

We have already fixed the vulnerability in the following versions:
QuMagie 2.7.0 and later

Aliases

alias	CVE-2025-52425

Fixed_packages

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-52425

reference_id

reference_type

scores

value	0.00126
scoring_system	epss
scoring_elements	0.31415
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-52425

reference_url

https://www.qnap.com/en/security-advisory/qsa-25-33

reference_id

qsa-25-33

reference_type

scores

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-07T15:46:29Z/

url

https://www.qnap.com/en/security-advisory/qsa-25-33

Weaknesses

cwe_id	89
name	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
description	The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

Exploits

Severity_range_score 9.5 - 9.5

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-chzt-bg92-b3ce

Vulnerability Instance