Vulnerabilities > CVE-2017-1000237 - Server-Side Request Forgery (SSRF) vulnerability in I-Librarian I Librarian

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
i-librarian
CWE-918

Summary

I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password.

Common Weakness Enumeration (CWE)