Vulnerability Details CVE-2018-1000138
I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.8%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
- https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/functions.php#L811
- https://github.com/mkucej/i-librarian/issues/120
- https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/functions.php#L811
- https://github.com/mkucej/i-librarian/issues/120
Products affected by CVE-2018-1000138
-
cpe:2.3:a:i-librarian:i_librarian:3.0
-
cpe:2.3:a:i-librarian:i_librarian:3.1
-
cpe:2.3:a:i-librarian:i_librarian:3.2
-
cpe:2.3:a:i-librarian:i_librarian:3.2.1
-
cpe:2.3:a:i-librarian:i_librarian:3.3
-
cpe:2.3:a:i-librarian:i_librarian:3.4
-
cpe:2.3:a:i-librarian:i_librarian:3.4.1
-
cpe:2.3:a:i-librarian:i_librarian:3.5
-
cpe:2.3:a:i-librarian:i_librarian:4.0
-
cpe:2.3:a:i-librarian:i_librarian:4.1
-
cpe:2.3:a:i-librarian:i_librarian:4.2
-
cpe:2.3:a:i-librarian:i_librarian:4.3
-
cpe:2.3:a:i-librarian:i_librarian:4.4
-
cpe:2.3:a:i-librarian:i_librarian:4.5
-
cpe:2.3:a:i-librarian:i_librarian:4.6
-
cpe:2.3:a:i-librarian:i_librarian:4.7
-
cpe:2.3:a:i-librarian:i_librarian:4.8