Lucene search

K
cvelistMitreCVELIST:CVE-2024-25738
HistoryJan 01, 1976 - 12:00 a.m.

CVE-2024-25738

1976-01-0100:00:00
mitre
www.cve.org

7.1 High

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating factor is that it requires the allow_url_include PHP runtime setting to be on, which is off in default installations. It also requires the /Upgrade route to be exposed, which is exposed by default after installing VuFind, and is recommended to be disabled by setting autoConfigure to false in config.ini.

7.1 High

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

Related for CVELIST:CVE-2024-25738