Server-Side Request Forgery in I, Librarian <=4.6 & 4.7: Password Reset Vulnerability

Server-Side Request Forgery in I, Librarian <=4.6 & 4.7: Password Reset Vulnerability

CVE-2017-1000237 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password.

Learn more about our Cis Benchmark Audit For Server Software.