I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised.
References
Link | Resource |
---|---|
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-11-16 20:29
Updated : 2017-11-29 11:35
NVD link : CVE-2017-1000235
Mitre link : CVE-2017-1000235
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
i-librarian
- i_librarian