CVE-2017-1000237

CVE-2017-1000237

EPSS 1.6%

I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt