CVE-2018-1000138 Information

Description

I Librarian version 4.8 and earlier contains an SSRF vulnerability in the "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Reference

https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/functions.php#L811
https://github.com/mkucej/i-librarian/issues/120

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

9.1

Base Severity

CRITICAL
