CVE-2017-1000234

Published: Nov 17, 2017Modified: Dec 5, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter

Affected (2)

Products: Scilico: I, Librarian

Scilico

1 product

I, Librarian

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Scilico I, Librarian	Up to 4.6
Scilico I, Librarian	Version 4.7

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.