CVE-2018-1000138 - Server-Side Request Forgery (SSRF) vulnerability in I-Librarian I Librarian
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: NONE
Summary
I, Librarian version 4.8 and earlier contains an SSRF vulnerability in the "url" parameter of getFromWeb in functions.php that can result in an attacker abusing functionality on the server to read or update internal resources.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/functions.php#L811
- https://github.com/mkucej/i-librarian/issues/120