Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating factor is that it requires the allow_url_include PHP runtime setting to be on, which is off in default installations. It also requires the /Upgrade route to be exposed, which is exposed by default after installing VuFind, and is recommended to be disabled by setting autoConfigure to false in config.ini.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Open Library Foundation VuFind 安全漏洞
Vulnerability Description
Open Library Foundation VuFind是Open Library Foundation基金会的一个开源的图书馆资源发现(Discovery)系统。 Open Library Foundation VuFind 2.0版本至9.1.1之前版本存在安全漏洞,该漏洞源于存在服务器端请求伪造(SSRF)漏洞,允许远程攻击者覆盖本地配置文件,从而实现远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A