Sql injection

2020-01-2417:15:00

PRIOn knowledge base

www.prio-n.com

9.4 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.4%

JSON

SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924.

CPENameOperatorVersion
kohalt3.08.23
kohage3.10.00
kohalt3.10.13
kohage3.12.00
kohalt3.12.10
kohage3.14.00
kohalt3.14.03

Name	Operator	Version
koha	lt	3.08.23
koha	ge	3.10.00
koha	lt	3.10.13
koha	ge	3.12.00
koha	lt	3.12.10
koha	ge	3.14.00
koha	lt	3.14.03

References

bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666

koha-community.org/security-release-february-2014/

www.openwall.com/lists/oss-security/2014/02/07/10

www.openwall.com/lists/oss-security/2014/02/10/3