Medium severity6.5NVD Advisory· Published Feb 1, 2018· Updated Jun 17, 2026
CVE-2013-7435
CVE-2013-7435
Description
The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
7- bugs.launchpad.net/evergreen/+bug/1206589nvdIssue TrackingPatch
- www.openwall.com/lists/oss-security/2015/03/04/3nvdIssue TrackingMailing ListThird Party Advisory
- evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9nvdIssue TrackingRelease Notes
- evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7nvdIssue TrackingRelease Notes
- evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4nvdIssue TrackingRelease Notes
- evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/nvdIssue TrackingRelease Notes
- git.evergreen-ils.orgnvd
News mentions
0No linked articles in our index yet.