Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-286m-6jj4-p3d6
SummaryIPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because smartyValidator.php enables the attacker to provide template expressions, aka Server-Side Template-Injection. All instances have been patched by the Supplier.
Aliases
0
alias CVE-2025-46661
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46661
reference_id
reference_type
scores
0
value 0.00421
scoring_system epss
scoring_elements 0.62525
published_at 2026-06-14T12:55:00Z
1
value 0.00421
scoring_system epss
scoring_elements 0.62417
published_at 2026-06-11T12:55:00Z
2
value 0.00421
scoring_system epss
scoring_elements 0.62518
published_at 2026-06-12T12:55:00Z
3
value 0.00421
scoring_system epss
scoring_elements 0.6253
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46661
1
reference_url https://code-white.com/public-vulnerability-list/
reference_id public-vulnerability-list
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-28T15:47:05Z/
url https://code-white.com/public-vulnerability-list/
2
reference_url https://www.ipwsystems.com/
reference_id www.ipwsystems.com
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-28T15:47:05Z/
url https://www.ipwsystems.com/
Weaknesses
0
cwe_id 1336
name Improper Neutralization of Special Elements Used in a Template Engine
description The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
Exploits
Severity_range_score10.0 - 10.0
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-286m-6jj4-p3d6