Lucene search
K

89 matches found

CNNVD
CNNVD
added 2026/04/07 12:0 a.m.10 views

Koha Library Management System 安全漏洞

Koha Library Management System is an open-source library automation system developed by Koha. Versions of the Koha Library Management System prior to 23.05.10 contained security vulnerabilities. These vulnerabilities stemmed from the lack of cleaning user-controllable file names before...

9.8CVSS6.2AI score0.01803EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/07 12:0 a.m.3 views

CVE-2024-36057

Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via shell metacharacters because input data can be controlled by...

6.1AI score0.01803EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/07 12:0 a.m.19 views

CVE-2024-36057

Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via shell metacharacters because input data can be controlled by...

0.01803EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/07 12:0 a.m.3 views

CVE-2024-36058

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter biblist in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database...

6.1AI score0.00478EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-30881

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter bib list in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database...

6.1AI score0.00478EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/04/07 12:0 a.m.3 views

CVE-2024-36058

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter biblist in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database...

6.1AI score0.00478EPSS
Exploits1References4
CVE
CVE
added 2026/04/07 12:0 a.m.7 views

CVE-2024-36057

CVE-2024-36057 affects Koha Library prior to 23.05.10. The vulnerability stems from insufficient sanitization of user-controlled filenames before unzipping, allowing command injection via the shell in the unzip invocation within upload-cover-image.pl (example: the code executes qx/unzip $filename...

9.8CVSS6.1AI score0.01803EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/04/06 9:55 a.m.82 views

Exploit for CVE-2024-36058

Koha Library Software CVE ID: CVE-2024-36058 Produ...

6.1AI score0.00478EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/03/05 12:0 a.m.5 views

CVE-2026-26377

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...

6.3AI score0.00372EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.12 views

Koha 安全漏洞

Koha is a library automation management system developed by the Koha organization. Versions of Koha prior to 25.11 contained a security vulnerability, which stemmed from a cross-site scripting vulnerability in the News feature. This vulnerability could allow remote attackers to execute arbitrary...

5.4CVSS5.9AI score0.00372EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:16 p.m.8 views

CVE-2018-1000670

KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Scripting XSS vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=number ,...

6.1CVSS6.3AI score0.00648EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:16 p.m.8 views

CVE-2018-1000669

KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Request Forgery CSRF vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments a...

8.8CVSS7.2AI score0.00481EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-1999

Malware in sbrugna...

6.1CVSS6.3AI score0.00648EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-1998

Malware in sbrugna...

8.8CVSS8.8AI score0.00481EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-22709

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00488EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-49284

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01099EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-49285

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00956EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-15632

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00638EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/27 12:20 a.m.10 views

CVE-2025-52360

A Cross-Site Scripting XSS vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaScript in the browser context when the user...

8.8CVSS6.1AI score0.00488EPSS
Exploits0References1
NVD
NVD
added 2025/07/25 3:15 p.m.5 views

CVE-2025-52360

A Cross-Site Scripting XSS vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaScript in the browser context when the user...

8.8CVSS0.00488EPSS
Exploits0References1
Rows per page
Query Builder