CVE-2018-1000141

Published: Mar 23, 2018Modified: Dec 5, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions.

Affected (1)

Products: Scilico: I, Librarian

Scilico

1 product

I, Librarian

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Scilico I, Librarian	Up to 4.9

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://github.com/mkucej/i-librarian/issues/124

Source: cve@mitre.org

Third Party Advisory

https://github.com/mkucej/i-librarian/issues/124

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.