89 matches found
CVE-2023-44962
File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component...
CVE-2023-44961
SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component...
CVE-2023-44961
SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component...
CVE-2023-44962
File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component...
CVE-2023-44962
File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component...
CVE-2023-44961
SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component...
Unrestricted file upload
File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component...
CVE-2023-44961
SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component...
CVE-2023-44962
File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component...
CVE-2023-44962
File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component...
CVE-2023-44962
CVE-2023-44962 affects Koha Library Software versions 23.05.04 and earlier. The root cause is lack of filtering of the client-supplied path in the upload-cover-image.pl component, enabling an attacker to read arbitrary files. The PT-2023-5947 advisory adds detail: exploitation can involve uploadi...
PT-2023-29323 · Unknown · Koha Library
Name of the Vulnerable Software and Affected Versions: Koha Library Software versions 23.0.5.04 and before Description: The issue allows a remote attacker to obtain sensitive information via the "intranet/cgi-bin/cataloging/ysearch.pl" component. This is a SQL Injection vulnerability...
CVE-2023-44961
SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component...
Koha Code Issue Vulnerability
Koha is a Koha organization's system for building websites for automated library management. A security vulnerability exists in Koha Library Software version 23.0.5.04 and earlier that could allow a remote attacker to read arbitrary files via the upload-cover-image.pl component...
CVE-2023-44961
Koha Library Software (version 23.0.5.04 and earlier) is affected by a SQL Injection in the intranet/cgi-bin/cataloging/ysearch.pl component. The underlying issue allows a remote attacker to obtain sensitive information. The CVE is described across multiple sources as a SQL injection vulnerabilit...
PT-2023-5947 · Unknown · Koha Library
Name of the Vulnerable Software and Affected Versions: Koha Library Software versions 23.05.04 and before Description: The issue is related to a lack of filtering of the client-supplied path in the upload-cover-image.pl component. This can allow a remote attacker to read arbitrary files. The...
KOHA Cross-Site Scripting Vulnerability
KOHA is a library automation system product by Parantez Teknoloji Individual Developer A cross-site scripting vulnerability exists in KOHA version 23.05.03 and earlier, which stems from a cross-site scripting XSS vulnerability in the component MARC...
CVE-2022-0495
The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01...
Koha Library Software 18.1106000 Open Redirection
Exploit Title : Koha Library Software 18.1106000 Tracklinks Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 19/06/2019 Vendor Homepage : koha.org - koha-community.org Software Download Link : download.koha-community.org...
Cross site request forgery (csrf)
KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Request Forgery CSRF vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments a...