Lucene search
K

89 matches found

NVD
NVD
added 2023/10/11 7:15 p.m.19 views

CVE-2023-44962

File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component...

5.3CVSS5.3AI score0.00956EPSS
Exploits1References1
OSV
OSV
added 2023/10/11 7:15 p.m.3 views

CVE-2023-44961

SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component...

7.5CVSS5.9AI score0.01099EPSS
Exploits1References1
NVD
NVD
added 2023/10/11 7:15 p.m.11 views

CVE-2023-44961

SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component...

7.5CVSS7.7AI score0.01099EPSS
Exploits1References1
OSV
OSV
added 2023/10/11 7:15 p.m.4 views

CVE-2023-44962

File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component...

5.3CVSS5.9AI score0.00956EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/10/11 7:15 p.m.3 views

CVE-2023-44962

File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component...

5.3CVSS5.9AI score0.00956EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/10/11 7:15 p.m.6 views

CVE-2023-44961

SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component...

7.5CVSS6AI score0.01099EPSS
Exploits1References2
Prion
Prion
added 2023/10/11 7:15 p.m.17 views

Unrestricted file upload

File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component...

5CVSS5.3AI score0.00956EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/11 12:0 a.m.18 views

CVE-2023-44961

SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component...

7.5AI score0.01099EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/10/11 12:0 a.m.12 views

CVE-2023-44962

File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component...

7AI score0.00956EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/10/11 12:0 a.m.23 views

CVE-2023-44962

File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component...

5.6AI score0.00956EPSS
Exploits1References1
CVE
CVE
added 2023/10/11 12:0 a.m.50 views

CVE-2023-44962

CVE-2023-44962 affects Koha Library Software versions 23.05.04 and earlier. The root cause is lack of filtering of the client-supplied path in the upload-cover-image.pl component, enabling an attacker to read arbitrary files. The PT-2023-5947 advisory adds detail: exploitation can involve uploadi...

5.3CVSS5.3AI score0.00956EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/11 12:0 a.m.6 views

PT-2023-29323 · Unknown · Koha Library

Name of the Vulnerable Software and Affected Versions: Koha Library Software versions 23.0.5.04 and before Description: The issue allows a remote attacker to obtain sensitive information via the "intranet/cgi-bin/cataloging/ysearch.pl" component. This is a SQL Injection vulnerability...

7.5CVSS7.6AI score0.01099EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/10/11 12:0 a.m.22 views

CVE-2023-44961

SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component...

7.9AI score0.01099EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/10/11 12:0 a.m.4 views

Koha Code Issue Vulnerability

Koha is a Koha organization's system for building websites for automated library management. A security vulnerability exists in Koha Library Software version 23.0.5.04 and earlier that could allow a remote attacker to read arbitrary files via the upload-cover-image.pl component...

5.3CVSS6.8AI score0.00956EPSS
Exploits1References2
CVE
CVE
added 2023/10/11 12:0 a.m.88 views

CVE-2023-44961

Koha Library Software (version 23.0.5.04 and earlier) is affected by a SQL Injection in the intranet/cgi-bin/cataloging/ysearch.pl component. The underlying issue allows a remote attacker to obtain sensitive information. The CVE is described across multiple sources as a SQL injection vulnerabilit...

7.5CVSS7.7AI score0.01099EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/05 12:0 a.m.6 views

PT-2023-5947 · Unknown · Koha Library

Name of the Vulnerable Software and Affected Versions: Koha Library Software versions 23.05.04 and before Description: The issue is related to a lack of filtering of the client-supplied path in the upload-cover-image.pl component. This can allow a remote attacker to read arbitrary files. The...

10CVSS5.1AI score0.00956EPSS
Exploits1References13
CNNVD
CNNVD
added 2023/09/17 12:0 a.m.5 views

KOHA Cross-Site Scripting Vulnerability

KOHA is a library automation system product by Parantez Teknoloji Individual Developer A cross-site scripting vulnerability exists in KOHA version 23.05.03 and earlier, which stems from a cross-site scripting XSS vulnerability in the component MARC...

5.4CVSS5.8AI score0.00539EPSS
Exploits1References5
OSV
OSV
added 2022/09/21 9:15 a.m.2 views

CVE-2022-0495

The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01...

9.4CVSS5.8AI score0.00638EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2019/06/20 12:0 a.m.216 views

Koha Library Software 18.1106000 Open Redirection

Exploit Title : Koha Library Software 18.1106000 Tracklinks Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 19/06/2019 Vendor Homepage : koha.org - koha-community.org Software Download Link : download.koha-community.org...

0.1AI score
Exploits0
Prion
Prion
added 2018/09/06 7:29 p.m.15 views

Cross site request forgery (csrf)

KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Request Forgery CSRF vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments a...

6.8CVSS8.8AI score0.00481EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder