Description
I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/mkucej/i-librarian/issues/124
Scores
CVSS v3
9.1
EPSS
0.0135
EPSS Percentile
68.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-269
Status
published
Products (1)
scilico/i\,_librarian
< 4.9
Published
Mar 23, 2018
Tracked Since
Feb 18, 2026