CVE-2018-1000141

CRITICAL

9.1

CVSS Severity Score

EPSS Score0.1250%

EPSS Percentile40.89th

Published2018年3月23日

Last Modified2025年12月5日

Vulnerability Description

I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions.

Affected Platforms (CPE)

📦

Scilico

I\, Librarian

<= 4.9

References & Advisories

🔗 https://github.com/mkucej/i-librarian/issues/124

相關漏洞威脅

CVE-2018-100012410.0

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.p...

CVE-2017-10002359.8

I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully com...

CVE-2017-10002379.8

I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker ...

CVE-2018-10001389.1

I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can resu...