EUVD-2024-1844

Malicious code in bioql PyPI...

EUVD-2024-1609

Malicious code in bioql PyPI...

CVE-2024-25738

A Server-Side Request Forgery SSRF vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...

CVE-2024-25737

A Server-Side Request Forgery SSRF vulnerability in the /Cover/Show route showAction in CoverController.php in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting XSS attacks by proxying arbitrary URL...

CVE-2024-25737

A Server-Side Request Forgery SSRF vulnerability in the /Cover/Show route showAction in CoverController.php in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting XSS attacks by proxying arbitrary URL...

CVE-2024-25737

A Server-Side Request Forgery SSRF vulnerability in the /Cover/Show route showAction in CoverController.php in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting XSS attacks by proxying arbitrary URL...

Open Library Foundation VuFind 安全漏洞

Open Library Foundation VuFind is an open source library resource discovery Discovery system from the Open Library Foundation. A security vulnerability exists in Open Library Foundation VuFind version 2.0 through versions prior to 9.1.1, which stems from the presence of a server-side request...

PT-2024-21120 · Open Library Foundation · Vufind

Name of the Vulnerable Software and Affected Versions: Open Library Foundation VuFind versions 2.0 through 9.1 before 9.1.1 Description: A Server-Side Request Forgery SSRF vulnerability in the "/Upgrade/FixConfig" route allows a remote attacker to overwrite local configuration files to gain acces...