CVE-2018-1000138

Published March 23rd, 2018

View on NVD ↗

CVSS v3

9.1

CRITICAL

CVSS v2

6.4

MEDIUM

Affected

PROJECT

Description

I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources.

mkucej/i-librarian

Legacy I, Librarian - collaborative PDF manager. Not maintained, new version is at https://github.com/mkucej/i-librarian-free

GitHub