Directory traversal

2020-01-2417:15:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.9%

JSON

Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors.

CPENameOperatorVersion
kohalt3.08.23
kohage3.10.00
kohalt3.10.13
kohage3.12.00
kohalt3.12.10
kohage3.14.00
kohalt3.14.03

Name	Operator	Version
koha	lt	3.08.23
koha	ge	3.10.00
koha	lt	3.10.13
koha	ge	3.12.00
koha	lt	3.12.10
koha	ge	3.14.00
koha	lt	3.14.03

References

bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661

bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662

koha-community.org/security-release-february-2014/

www.openwall.com/lists/oss-security/2014/02/07/10

www.openwall.com/lists/oss-security/2014/02/10/3