返回 CVE 浏览器

CVE-2018-1000138

CRITICAL

9.1

CVSS Severity Score

EPSS Score0.1000%

EPSS Percentile37.79th

Published2018年3月23日

Last Modified2025年12月5日

Vulnerability Description

I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources.

Affected Platforms (CPE)

📦

Scilico

I\, Librarian

<= 4.8

References & Advisories

🔗 https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/functions.php#L811

🔗 https://github.com/mkucej/i-librarian/issues/120

🔗 https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/functions.php#L811

🔗 https://github.com/mkucej/i-librarian/issues/120

相关漏洞威胁

CVE-2018-100012410.0

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.p...

CVE-2017-10002359.8

I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully com...

CVE-2017-10002379.8

I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker ...

CVE-2018-10001419.1

I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in a...