Description
I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources.
References
- Third Party Advisory
- Exploit, Issue Tracking, Third Party Advisory
- Third Party Advisory
- Exploit, Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 4.8
cpe:2.3:a:scilico:i\,_librarian:*:*:*:*:*:*:*:*
EPSS: 0.00212 (percentile: 44%, Low)
CVSS3: 9.1 Critical
CVSS2: 6.4 Medium
Weaknesses
CWE-918
Related vulnerabilities
CVSS3: 9.1
debian
almost 8 years ago
I, Librarian version 4.8 and earlier contains a SSRF vulnerability in ...
CVSS3: 9.1
github
more than 3 years ago
I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources.