GHSA-wx24-vqrg-m6m5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wx24-vqrg-m6m5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-wx24-vqrg-m6m5/GHSA-wx24-vqrg-m6m5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wx24-vqrg-m6m5
- Aliases
-
- CVE-2024-25738
- Published
- 2024-05-22T21:30:35Z
- Modified
- 2024-05-23T14:57:01.897065Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- VuFind Server-Side Request Forgery (SSRF) vulnerability
- Details
-
A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating factor is that it requires the allowurlinclude PHP runtime setting to be on, which is off in default installations. It also requires the /Upgrade route to be exposed, which is exposed by default after installing VuFind, and is recommended to be disabled by setting autoConfigure to false in config.ini.
- Database specific
{ "nvd_published_at": "2024-05-22T19:15:08Z", "cwe_ids": [ "CWE-918" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-05-23T14:20:46Z" }- References
Affected packages
Packagist / vufind/vufind
Package
- Name
- vufind/vufind
- Purl
- pkg:composer/vufind/vufind
Affected versions
v2.*
v2.0
v2.0.1
v2.1
v2.1.1
v2.2
v2.2.1
v2.3
v2.3.1
v2.4
v2.4.1
v2.5
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v3.*
v3.0
v3.0.1
v3.0.2
v3.0.3
v3.1
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v4.*
v4.0
v4.0.1
v4.1
v4.1.1
v4.1.2
v4.1.3
v5.*
v5.0
v5.0.1
v5.1
v5.1.1
v6.*
v6.0
v6.0.1
v6.1
v6.1.1
v6.1.2
v7.*
v7.0
v7.0.1
v7.0.2
v7.1
v7.1.1
v8.*
v8.0
v8.0.1
v8.0.2
v8.0.3
v8.0.4
v8.1
v8.1.1
v8.1.2
v9.*
v9.0
v9.0.1
v9.0.2
v9.0.3
v9.1