CyberSec.Space Logo
Back to CVE Browser

CVE-2017-1000237

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0930%
EPSS Percentile43.55th
PublishedNov 17, 2017
Last ModifiedDec 5, 2025

Vulnerability Description

I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password.

Affected Platforms (CPE)

📦
Scilico

I\, Librarian

<= 4.6
📦
Scilico

I\, Librarian

= 4.7

References & Advisories

🔗 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt
🔗 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt

Related Vulnerabilities

CVE-2018-100012410.0

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.p...

CVE-2017-10002359.8

I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully com...

CVE-2018-10001419.1

I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in a...

CVE-2018-10001389.1

I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can resu...