CVE-2018-1000138

CRITICAL

scilico i_librarian < 4.8 - Server-Side Request Forgery via URL Parameter in getFromWeb

Description

I, Librarian version 4.8 and earlier contains an SSRF vulnerability in the "url" parameter of getFromWeb in functions.php that can result in an attacker abusing functionality on the server to read or update internal resources.

References (2)

Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/mkucej/i-librarian/issues/120

Scores

CVSS v3 9.1
EPSS 0.0160
EPSS Percentile 72.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-918
Status published
Products (1)
scilico/i\,_librarian < 4.8
Published Mar 23, 2018
Tracked Since Feb 18, 2026