CVE-2024-54819

CVSS 9.1 CRITICALEPSS 18.2%CWE-918

Vexday Risk Score

53Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.1EPSS 18.2%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

30 Dec 2024Public PoC

07 Jan 2025Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

n/a · n/a

public PoCs found — 1

githubgithub.com/partywavesec/CVE-2024-54819★ 1

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/mkucej/i-librarian-free/commit/ed36f6f258392fa2ec72f9820661ded75d91accc https://github.com/partywavesec/CVE-2024-55557 https://www.partywave.site/show/research/cve-2024-54819-i-librarian-server-side-request-forgery