I, Librarian Server-Side Request Forgery Vulnerability

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in I, Librarian versions prior to and including 5.11.1. The issue arises from improper input validation in the file classes/security/validation.php, allowing attackers to manipulate server-side requests.

Impact

Exploitation of this vulnerability allows for Server-Side Request Forgery, where an attacker causes the server to issue requests on the attacker's behalf. This could potentially be used to reach internal services or resources that are not normally exposed to the outside world.

Reproduction

To reproduce this vulnerability, send the application a request containing a manipulated link. The server processes this link without proper validation, so internal resources can be accessed or external requests made on the server's behalf.

Remediation

Users can update to I, Librarian version 5.11.2 or later, where this vulnerability has been addressed.
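The kind of validation the vulnerable file lacks, shown here as an added, illustrative example rather than the project's own validation.php code (which this entry does not reproduce): the scheme is allowlisted, embedded credentials are refused, and every address the host maps to is checked against non-public ranges. The resolver table FAKE_DNS and the function names are constructed for the example so it runs offline.

```python
import ipaddress
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}

# Constructed stand-in for DNS so the example runs offline; real code
# would call the system resolver (e.g. socket.getaddrinfo) instead.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],               # ordinary public host
    "intranet.local": ["10.0.0.5"],                 # private network host
    "rebind.test": ["93.184.216.34", "127.0.0.1"],  # mixed answer set
}

def resolve(host):
    return FAKE_DNS.get(host.lower(), [])

def is_non_public(addr):
    """True for any address an outbound fetch must never reach."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)

def is_safe_outbound_url(url, resolver=resolve):
    """Return (ok, reason). Allowlist the scheme, then check every
    address the host maps to, not just the first answer."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    host = parts.hostname  # brackets already stripped for IPv6 literals
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP in the URL
    except ValueError:
        resolved = resolver(host)
        if not resolved:
            return False, "host does not resolve"
        addrs = [ipaddress.ip_address(a) for a in resolved]
    for addr in addrs:
        if is_non_public(addr):
            return False, f"{host} maps to non-public address {addr}"
    return True, "ok"
```

The same check has to run on every redirect target the HTTP client follows, and the connection should be made to the address that was checked, since a second lookup can return a different answer.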

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.4
exploitability: 6.0
remediation: 0.0
relevance: 0.0
threat: 7.3
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.