CVE-2018-1000141

Published March 23rd, 2018

View on NVD ↗

CVSS v3

9.1

CRITICAL

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions.

mkucej/i-librarian

Legacy I, Librarian - collaborative PDF manager. Not maintained, new version is at https://github.com/mkucej/i-librarian-free

GitHub