CVE-2024-25738

EPSS 0.97% · P77

I. Basic Information for CVE-2024-25738

Vulnerability Information

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating factor is that it requires the allow_url_include PHP runtime setting to be on, which is off in default installations. It also requires the /Upgrade route to be exposed, which is exposed by default after installing VuFind, and is recommended to be disabled by setting autoConfigure to false in config.ini.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Open Library Foundation VuFind security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
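Open Library Foundation VuFind is an open-source library resource discovery system from the Open Library Foundation. A security vulnerability exists in Open Library Foundation VuFind versions 2.0 up to but not including 9.1.1. It stems from a server-side request forgery (SSRF) flaw that allows a remote attacker to overwrite local configuration files and thereby achieve remote code execution.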
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor | Product | Affected Versions | CPE
- | n/a | n/a | -

II. Public POCs for CVE-2024-25738

No public POC found.

III. Intelligence Information for CVE-2024-25738

Same Patch Batch · n/a · 2024-05-22 · 34 CVEs total

CVE-2024-36077 · 8.8 HIGH · Qlik Sense security vulnerability
CVE-2024-35362 · Ecshop security vulnerability
CVE-2024-33221 · ASUS BIOS Flash Driver security vulnerability
CVE-2024-33222 · ASUS ATSZIO Driver security vulnerability
CVE-2024-33223 · ASUS GPUTweak II security vulnerability
CVE-2024-33224 · Realtek Semiconductor Corp Realtek lO Driver security vulnerability
CVE-2024-33225 · Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver security vulnerability
CVE-2024-33226 · Wistron Corporation TBT Force Power Control security vulnerability
CVE-2024-33227 · Nicomsoft WinI2C/DDC security vulnerability
CVE-2024-33228 · Insyde Software Corp SEG Windows Driver security vulnerability
CVE-2024-33220 · ASUS AI Suite security vulnerability
CVE-2024-29392 · Silverpeas security vulnerability
CVE-2024-34448 · Ghost Foundation Ghost security vulnerability
CVE-2024-29421 · xmedcon security vulnerability
CVE-2024-31617 · Litespeed Technologie OpenLiteSpeed security vulnerability
CVE-2024-25737 · Open Library Foundation VuFind security vulnerability
CVE-2024-35627 · TileServer GL security vulnerability
CVE-2024-35551 · idccms security vulnerability
CVE-2024-33219 · ASUS SABERTOOTH X99 Driver security vulnerability
CVE-2024-33218 · ASUS USB security vulnerability

Showing top 20 of 34 CVEs.
