### [CVE-2018-1000124](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000124)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea.

### POC

#### Reference
- https://github.com/mkucej/i-librarian/issues/116
- https://github.com/mkucej/i-librarian/issues/116

#### Github
No PoCs found on GitHub currently.