Sql injection

2020-01-2417:15:00

PRIOn knowledge base

www.prio-n.com

9.6 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.4%

JSON

The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.

CPENameOperatorVersion
kohalt3.08.23
kohage3.10.00
kohalt3.10.13
kohage3.12.00
kohalt3.12.10
kohage3.14.00
kohalt3.14.03

Name	Operator	Version
koha	lt	3.08.23
koha	ge	3.10.00
koha	lt	3.10.13
koha	ge	3.12.00
koha	lt	3.12.10
koha	ge	3.14.00
koha	lt	3.14.03

References

bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666

koha-community.org/security-release-february-2014/

www.openwall.com/lists/oss-security/2014/02/07/10

www.openwall.com/lists/oss-security/2014/02/10/3