CVE-2018-1000141

CRITICAL

9.1

CVSS Severity Score

EPSS Score0.1250%

EPSS Percentile40.89th

PublishedMar 23, 2018

Last ModifiedDec 5, 2025

Vulnerability Description

I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions.

Affected Platforms (CPE)

📦

Scilico

I\, Librarian

<= 4.9

References & Advisories

🔗 https://github.com/mkucej/i-librarian/issues/124

Related Vulnerabilities

CVE-2018-100012410.0

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.p...

CVE-2017-10002359.8

I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully com...

CVE-2017-10002379.8

I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker ...

CVE-2018-10001389.1

I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can resu...