Filtered by vendor I-librarian
Subscribe
Search
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000141 | 1 I-librarian | 1 I Librarian | 2019-10-03 | 7.5 HIGH | 9.1 CRITICAL |
| I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions. | |||||
| CVE-2018-1000124 | 1 I-librarian | 1 I\, Librarian | 2018-04-13 | 7.5 HIGH | 10.0 CRITICAL |
| I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea. | |||||
| CVE-2018-1000138 | 1 I-librarian | 1 I Librarian | 2018-04-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources. | |||||
| CVE-2017-1000237 | 1 I-librarian | 1 I Librarian | 2017-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password. | |||||
| CVE-2017-1000235 | 1 I-librarian | 1 I Librarian | 2017-11-29 | 10.0 HIGH | 9.8 CRITICAL |
| I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised. | |||||