13 matches found
EUVD-2024-1609
Malicious code in bioql PyPI...
CVE-2024-25738
A Server-Side Request Forgery SSRF vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...
CVE-2024-25737
A Server-Side Request Forgery SSRF vulnerability in the /Cover/Show route showAction in CoverController.php in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting XSS attacks by proxying arbitrary URL...
VuFind Server-Side Request Forgery (SSRF) vulnerability
A Server-Side Request Forgery SSRF vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...
GHSA-WX24-VQRG-M6M5 VuFind Server-Side Request Forgery (SSRF) vulnerability
A Server-Side Request Forgery SSRF vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...
VuFind Server-Side Request Forgery (SSRF) vulnerability
A Server-Side Request Forgery SSRF vulnerability in the /Cover/Show route showAction in CoverController.php in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting XSS attacks by proxying arbitrary URL...
CVE-2024-25737
A Server-Side Request Forgery SSRF vulnerability in the /Cover/Show route showAction in CoverController.php in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting XSS attacks by proxying arbitrary URL...
CVE-2024-25738
A Server-Side Request Forgery SSRF vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...
CVE-2024-25737
A Server-Side Request Forgery SSRF vulnerability in the /Cover/Show route showAction in CoverController.php in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting XSS attacks by proxying arbitrary URL...
CVE-2024-25737
VuFind 2.4–9.1 (pre-9.1.1) is affected by a Server-Side Request Forgery (SSRF) in the /Cover/Show route (ShowAction in CoverController.php). The vulnerability allows an attacker to proxy arbitrary URLs via the proxy GET parameter, enabling access to internal HTTP services and potentially enabling...
CVE-2024-25737
A Server-Side Request Forgery SSRF vulnerability in the /Cover/Show route showAction in CoverController.php in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting XSS attacks by proxying arbitrary URL...
Open Library Foundation VuFind 安全漏洞
Open Library Foundation VuFind is an open source library resource discovery Discovery system from the Open Library Foundation. A security vulnerability exists in Open Library Foundation VuFind versions 2.4 through prior to 9.1.1, which stems from the presence of a server-side request forgery SSRF...
PT-2024-21119 · Open Library Foundation · Vufind
Name of the Vulnerable Software and Affected Versions: Open Library Foundation VuFind versions 2.4 through 9.1 before 9.1.1 Description: A Server-Side Request Forgery SSRF vulnerability in the "/Cover/Show" route, specifically in the showAction function of CoverController.php, allows remote...