I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user’s password.
CPE | Name | Operator | Version |
---|---|---|---|
i-librarian | eq | 4.2 | |
i-librarian | eq | 4.5 | |
i-librarian | eq | 4.4 | |
i-librarian | eq | 3.4.1 | |
i-librarian | eq | 3.2.1 | |
i-librarian | eq | 4.0 | |
i-librarian | eq | 4.1 | |
i-librarian | eq | 3.3 | |
i-librarian | eq | 3.5 | |
i-librarian | eq | 3.1 |