vufind/vufind is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the /Upgrade/FixConfig route, which allows remote attackers to overwrite local configuration files.
CPE | Name | Operator | Version |
---|---|---|---|
vufind/vufind | le | v9.1 | |
vufind/vufind | le | v9.1 |