Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-75md-j1rs-y7c1

Summary SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Aliases

alias	CVE-2024-36415

Fixed_packages

Affected_packages

References

reference_url

https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-c82f-58jv-jfrh

reference_id

GHSA-c82f-58jv-jfrh

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-11T19:08:56Z/

url

https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-c82f-58jv-jfrh

Weaknesses

cwe_id	98
name	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
description	The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in require, include, or similar functions.

cwe_id	434
name	Unrestricted Upload of File with Dangerous Type
description	The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

Exploits

Severity_range_score 9.1 - 9.1

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-75md-j1rs-y7c1

Vulnerability Instance