CVE-2015-4630

🗓️ 18 Oct 2018 20:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 52 Views🌐 WEB

CVE-2015-4630 Multiple CSRF vulnerabilities in Koha 3.

Reporter	Title	Published	Views	Family All 8
0day.today	Koha 3.20.1 - Multiple XSS and XSRF Vulnerabilities	26 Jun 201500:00	–	zdt
Circl	CVE-2015-4630	19 Oct 201800:23	–	circl
Cvelist	CVE-2015-4630	18 Oct 201820:00	–	cvelist
Exploit DB	Koha 3.20.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities	26 Jun 201500:00	–	exploitdb
EUVD	EUVD-2015-4649	7 Oct 202500:30	–	euvd
exploitpack	Koha 3.20.1 - Multiple Cross-Site Scripting Cross-Site Request Forgery Vulnerabilities	26 Jun 201500:00	–	exploitpack
NVD	CVE-2015-4630	18 Oct 201821:29	–	nvd
Prion	Cross site request forgery (csrf)	18 Oct 201821:29	–	prion

NVD

Node

koha kohaRange3.14.00–3.14.16

koha kohaRange3.16.00–3.16.12

koha kohaRange3.18.0–3.18.8

koha kohaRange3.20.00–3.20.1

Source	Link
bugs	www.bugs.koha-community.org/bugzilla3/show_bug.cgi
sba-research	www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/
packetstormsecurity	www.packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html
seclists	www.seclists.org/fulldisclosure/2015/Jun/80
koha-community	www.koha-community.org/security-release-koha-3-18-8/
exploit-db	www.exploit-db.com/exploits/37389/
koha-community	www.koha-community.org/security-release-koha-3-20-1/
koha-community	www.koha-community.org/security-release-koha-3-16-12/
koha-community	www.koha-community.org/koha-3-14-16-released/

Parameter	Position	Path	Description	CWE
surname	path	/cgi-bin/koha/members/memberentry.pl	Create a new user via a request to memberentry.pl, leading to potential account creation with elevated privileges.	CWE-352
dateofbirth	path	/cgi-bin/koha/members/memberentry.pl	Create a new user via a request to memberentry.pl, leading to potential account creation with elevated privileges.	CWE-352
userid	path	/cgi-bin/koha/members/memberentry.pl	Create a new user via a request to memberentry.pl, leading to potential account creation with elevated privileges.	CWE-352
password	path	/cgi-bin/koha/members/memberentry.pl	Create a new user via a request to memberentry.pl, leading to potential account creation with elevated privileges.	CWE-352
member	path	/cgi-bin/koha/members/member-flags.pl	Give a user superlibrarian permission via a request to member-flags.pl.	CWE-352
newflags	path	/cgi-bin/koha/members/member-flags.pl	Give a user superlibrarian permission via a request to member-flags.pl.	CWE-352
flag	path	/cgi-bin/koha/members/member-flags.pl	Give a user superlibrarian permission via a request to member-flags.pl.	CWE-352
addshelf	query param	/cgi-bin/koha/opac-shelves.pl	Hijack authentication / perform CSRF via addshelf parameter in opac-shelves.pl (stored XSS/XSRF scenario).	CWE-352

17 Jun 2026 00:27Current

8.5High risk

Vulners AI Score8.5

CVSS 26

CVSS 38

EPSS0.02974