SSRF Vulnerability in I, Librarian Version 4.8 and Earlier: Abusing Server Functionality to Access Internal Resources

SSRF Vulnerability in I, Librarian Version 4.8 and Earlier: Abusing Server Functionality to Access Internal Resources

CVE-2018-1000138 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources.

Learn more about our Web App Pen Testing.