CRITICAL🇬🇧 English

CVE-2018-1000141

CVSS 9.1v3.1pub. 2018-03-23upd. 2025-12-05

I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Scilico I\, Librarian

    APP
    Scilico
    ≤ 4.9
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2018-1000138CRITICAL9.1ten sam produkt

I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functio...

CVE-2018-1000124CRITICAL10.0ten sam produkt

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154...

CVE-2017-1000237CRITICAL9.8ten sam produkt

I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php result...

CVE-2017-1000235CRITICAL9.8ten sam produkt

I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web se...

CVE-2024-40500HIGH8.6ten sam produkt

Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to ...