3 matches found
CVE-2013-7435
The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml...
Code injection
Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFFLOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL...
CVE-2013-7435
CVE-2013-7435 details (Evergreen ILS) Affected software: Evergreen open-ils.pcrud endpoint (library system) prior to versions 2.5.9, 2.6.x prior to 2.6.7, and 2.7.x prior to 2.7.4. Root cause: a permission gap in fm_IDL.xml enables retrieval of the settings history without proper authorization. I...