Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-yjdz-bsf2-xbfz
Summary phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.
Aliases
0
alias CVE-2024-29196
1
alias GHSA-mmh6-5cpf-2c72
Fixed_packages
0
url pkg:composer/phpmyfaq/phpmyfaq@3.2.6
purl pkg:composer/phpmyfaq/phpmyfaq@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2na9-t3m7-wfhn
2
vulnerability VCID-57ev-2w6v-mbbs
3
vulnerability VCID-5pw3-qxh6-6ufr
4
vulnerability VCID-5wsg-7979-dqgs
5
vulnerability VCID-6jmj-n5mz-bba8
6
vulnerability VCID-7tpb-1avq-zfhu
7
vulnerability VCID-8k51-budg-h3ak
8
vulnerability VCID-a9tb-yj7x-pya1
9
vulnerability VCID-ecpv-3xqn-eqf8
10
vulnerability VCID-p68j-sbvd-yuh4
11
vulnerability VCID-qhsm-g24v-k7gj
12
vulnerability VCID-rrz3-kbbd-eyhq
13
vulnerability VCID-tpbv-urbk-h7gf
14
vulnerability VCID-txxg-bugj-6bd4
15
vulnerability VCID-vjqh-59nn-5ude
16
vulnerability VCID-yckn-74u4-pkaw
17
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.6
1
url pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha
purl pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2na9-t3m7-wfhn
2
vulnerability VCID-57ev-2w6v-mbbs
3
vulnerability VCID-5ez6-qnbc-nfgb
4
vulnerability VCID-5pw3-qxh6-6ufr
5
vulnerability VCID-5wsg-7979-dqgs
6
vulnerability VCID-6jmj-n5mz-bba8
7
vulnerability VCID-7tpb-1avq-zfhu
8
vulnerability VCID-8k51-budg-h3ak
9
vulnerability VCID-a9tb-yj7x-pya1
10
vulnerability VCID-ecpv-3xqn-eqf8
11
vulnerability VCID-p68j-sbvd-yuh4
12
vulnerability VCID-qhsm-g24v-k7gj
13
vulnerability VCID-rrz3-kbbd-eyhq
14
vulnerability VCID-tpbv-urbk-h7gf
15
vulnerability VCID-txxg-bugj-6bd4
16
vulnerability VCID-vjqh-59nn-5ude
17
vulnerability VCID-yckn-74u4-pkaw
18
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha
Affected_packages
0
url pkg:composer/phpmyfaq/phpmyfaq@3.2.5
purl pkg:composer/phpmyfaq/phpmyfaq@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-129s-b67r-uyfw
1
vulnerability VCID-1qwx-htn1-4bg8
2
vulnerability VCID-2na9-t3m7-wfhn
3
vulnerability VCID-5256-zeqq-yqas
4
vulnerability VCID-527w-e1dv-qyhe
5
vulnerability VCID-57ev-2w6v-mbbs
6
vulnerability VCID-5pw3-qxh6-6ufr
7
vulnerability VCID-5wsg-7979-dqgs
8
vulnerability VCID-6jmj-n5mz-bba8
9
vulnerability VCID-7tpb-1avq-zfhu
10
vulnerability VCID-8k51-budg-h3ak
11
vulnerability VCID-a9tb-yj7x-pya1
12
vulnerability VCID-cq9g-8pv2-bfcm
13
vulnerability VCID-ecpv-3xqn-eqf8
14
vulnerability VCID-p68j-sbvd-yuh4
15
vulnerability VCID-q524-u3fc-2uac
16
vulnerability VCID-qhsm-g24v-k7gj
17
vulnerability VCID-qtya-dhhw-uqa9
18
vulnerability VCID-rrz3-kbbd-eyhq
19
vulnerability VCID-tpbv-urbk-h7gf
20
vulnerability VCID-txxg-bugj-6bd4
21
vulnerability VCID-vjqh-59nn-5ude
22
vulnerability VCID-wgqs-pf23-dkdb
23
vulnerability VCID-yckn-74u4-pkaw
24
vulnerability VCID-yjdz-bsf2-xbfz
25
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.5
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-29196
reference_id
reference_type
scores
0
value 0.0063
scoring_system epss
scoring_elements 0.70873
published_at 2026-06-14T12:55:00Z
1
value 0.0063
scoring_system epss
scoring_elements 0.70863
published_at 2026-06-12T12:55:00Z
2
value 0.0063
scoring_system epss
scoring_elements 0.70772
published_at 2026-06-11T12:55:00Z
3
value 0.0063
scoring_system epss
scoring_elements 0.70875
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-29196
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62
reference_id 7ae2559f079cd5fc9948b6fdfb87581f93840f62
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-05T16:25:22Z/
url https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-29196
reference_id CVE-2024-29196
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-29196
4
reference_url https://github.com/advisories/GHSA-mmh6-5cpf-2c72
reference_id GHSA-mmh6-5cpf-2c72
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mmh6-5cpf-2c72
5
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72
reference_id GHSA-mmh6-5cpf-2c72
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-05T16:25:22Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72
Weaknesses
0
cwe_id 22
name Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 0.1 - 3.8
Exploitability 0.5
Weighted_severity 3.4
Risk_score 1.7
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yjdz-bsf2-xbfz