2017-11-17 04:00:00
mitre
PUBLISHED
I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any users password.