{"id":"CVE-2017-1000237","details":"I, Librarian versions \u003c=4.6 and 4.7 are vulnerable to Server-Side Request Forgery in ajaxsupplement.php, which allows an attacker to reset any user's password.","modified":"2026-02-19T01:10:31.573338Z","published":"2017-11-17T04:29:00.467Z","references":[{"type":"ADVISORY","url":"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt"},{"type":"EVIDENCE","url":"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mkucej/i-librarian","events":[{"introduced":"0"},{"last_affected":"2e510347cd09a44b9f6b95f5e5bc4d88b79f7658"}]}],"versions":["3.0","3.1","3.2","3.2.1","3.3","3.4","3.4.1","3.5","4.0","4.1","4.2","4.3","4.4","4.5","4.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000237.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}