CSRF Vulnerability in I, Librarian Version 4.8 and Earlier Allows Unauthorized Password Changes


CVE-2018-1000137 · MEDIUM Severity

AV:N/AC:M/Au:N/C:P/I:P/A:P

I, Librarian version 4.8 and earlier contains a Cross-Site Request Forgery (CSRF) vulnerability in users.php that can result in the admin's password being changed without the administrator's knowledge.
