GitHub Advisory Database: GHSA-WX24-VQRG-M6M5

VuFind Server-Side Request Forgery (SSRF) vulnerability

Published: 2024-05-22 21:30:35
Weakness: CWE-918 (Server-Side Request Forgery)
Source: GitHub Advisory Database (github.com)
Tags: server-side request forgery, open library foundation vufind, remote attacker, local configuration files, administrator panel, remote code execution, allow_url_include, php runtime setting, upgrade route, autoconfigure

AI Score: 7.9 High (confidence: Low)
EPSS: 0 Low (percentile: 0.0%)

A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating factor is that it requires the allow_url_include PHP runtime setting to be on, which is off in default installations. It also requires the /Upgrade route to be exposed, which is exposed by default after installing VuFind, and is recommended to be disabled by setting autoConfigure to false in config.ini.
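A quick defender-side check for the two conditions the advisory names (an exposed /Upgrade route via autoConfigure, and allow_url_include) plus the affected version range. This is an added example, not VuFind's own code; it assumes autoConfigure lives in a [System] section of config.ini, which the advisory does not state.

```python
import configparser

# Constructed sample config.ini fragment. The [System] section name is an
# assumption; the advisory only says "autoConfigure ... in config.ini".
SAMPLE_CONFIG_INI = """
[System]
autoConfigure = true
debug = false
"""


def version_in_affected_range(version: str) -> bool:
    """True for VuFind 2.0 through 9.1 before 9.1.1 (plain dotted versions only)."""
    parts = tuple(int(p) for p in version.split("."))
    return (2, 0) <= parts < (9, 1, 1)


def auto_configure_enabled(config_text: str) -> bool:
    """Return True if config.ini leaves the /Upgrade route exposed.

    A missing autoConfigure key is treated as enabled, matching the
    advisory's statement that the route is exposed by default.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(config_text)
    for section in parser.sections():
        # option names are case-insensitive in configparser
        if parser.has_option(section, "autoConfigure"):
            return parser.getboolean(section, "autoConfigure")
    return True


def assess_exposure(config_text: str, php_allow_url_include: str) -> str:
    """Combine the two mitigating factors into a single verdict string."""
    upgrade_exposed = auto_configure_enabled(config_text)
    url_include_on = php_allow_url_include.strip().lower() in ("1", "on", "true", "yes")
    if upgrade_exposed and url_include_on:
        return "critical: /Upgrade exposed and allow_url_include on (config overwrite to RCE)"
    if upgrade_exposed:
        return "high: /Upgrade exposed; set autoConfigure = false in config.ini"
    return "ok: /Upgrade route disabled"


if __name__ == "__main__":
    print(assess_exposure(SAMPLE_CONFIG_INI, "Off"))
```

Upgrading to 9.1.1 or later removes the issue regardless of either setting; the check only tells you how urgent that upgrade is on a given host.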

Affected configurations

Vulners node: vufind, Range 2.0 OR vufind, Range <9.1.1

CPE Name        Operator   Version
vufind/vufind   ge         2.0
vufind/vufind   lt         9.1.1
