CRITICAL🇬🇧 English

CVE-2018-1000124

CVSS 10.0v3.1pub. 2018-03-13upd. 2025-12-05

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Scilico I\, Librarian

    APP
    Scilico
    ≤ 4.8
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SSRFXXE
CWE
Referencje

Powiązane podatności

CVE-2018-1000141CRITICAL9.1ten sam produkt

I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php ...

CVE-2018-1000138CRITICAL9.1ten sam produkt

I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functio...

CVE-2017-1000237CRITICAL9.8ten sam produkt

I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php result...

CVE-2017-1000235CRITICAL9.8ten sam produkt

I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web se...

CVE-2024-40500HIGH8.6ten sam produkt

Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to ...

CVE-2018-1000124 — CRITICAL 10.0 | CVEbaza.pl