CVE-2014-5138

Name of the Vulnerable Software and Affected Versions Innovative Interfaces Sierra Library Services Platform version 1.2 3

Description The issue arises from improper handling of query strings with multiple instances of the same parameter, allowing remote attackers to bypass parameter validation. This is possibly related to the Webpac Pro submodule.

Recommendations For Innovative Interfaces Sierra Library Services Platform version 1.2 3, consider restricting access to the Webpac Pro submodule until a patch is available. As a temporary workaround, avoid using query strings with multiple instances of the same parameter in the affected API endpoints.