CVE-2024-54819

CRITICAL

I, Librarian <5.11.1 - SSRF

Title source: llm

Description

I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php

Exploits (1)

nomisec WORKING POC 1 stars

by partywavesec · poc

https://github.com/partywavesec/CVE-2024-54819

View Code ZIP pw:eip

References (3)

[Various Sources] https://github.com/partywavesec/CVE-2024-55557

[Various Sources] https://www.partywave.site/show/research/cve-2024-54819-i-librarian-server-side-request-forgery

[Patch] https://github.com/mkucej/i-librarian-free/commit/ed36f6f258392fa2ec72f9820661ded75d91accc

Scores

CVSS v3 9.1

EPSS 0.4393

EPSS Percentile 97.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-918

Status published

Published Jan 07, 2025

Tracked Since Feb 18, 2026