2 matches found
Evergreen Information Disclosure Vulnerability
Evergreen is an open source, highly scalable library system ILS developed by the Evergreen community. The system helps patrons find library materials and helps with library management, organizing catalogs, and distributing those materials, among other things. A security vulnerability exists in th...
Code injection
Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFFLOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL...