Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000141 | 1 I-librarian | 1 I Librarian | 2019-10-03 | 7.5 HIGH | 9.1 CRITICAL |
| I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions. | |||||
| CVE-2018-1000138 | 1 I-librarian | 1 I Librarian | 2018-04-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources. | |||||
| CVE-2017-1000237 | 1 I-librarian | 1 I Librarian | 2017-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password. | |||||
| CVE-2017-1000235 | 1 I-librarian | 1 I Librarian | 2017-11-29 | 10.0 HIGH | 9.8 CRITICAL |
| I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised. | |||||