302 matches found
CVE-2024-36058
The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter biblist in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database...
Exploit for CVE-2024-36058
Koha Library Software CVE ID: CVE-2024-36058 Produ...
CVE-2026-31844
An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...
EUVD-2026-11109
An authenticated SQL Injection vulnerability CWE-89 in the displayby parameter of /cgi-bin/koha/suggestion/suggestion.pl in Koha allows a low-privileged staff user to execute arbitrary SQL queries and retrieve sensitive database information...
CVE-2026-31844
An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...
CVE-2026-31844 Authenticated SQL Injection in Koha displayby parameter of suggestion.pl
An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...
CVE-2026-31844 Authenticated SQL Injection in Koha displayby parameter of suggestion.pl
An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...
CVE-2026-31844
An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...
CVE-2026-31844
CVE-2026-31844 describes an authenticated SQL Injection (CWE-89) vulnerability in the Koha web application, exploitable by a low-privileged staff user via the displayby parameter of /cgi-bin/koha/suggestion/suggestion.pl. The issue allows arbitrary SQL queries and access to sensitive database inf...
Koha 安全漏洞
Koha is a library automation management system developed by the Koha organization. There is a security vulnerability in Koha, which stems from improper validation of the displayby parameter in the /cgi-bin/koha/suggestion/suggestion.pl endpoint. This vulnerability could allow users with low...
PT-2026-24589
Name of the Vulnerable Software and Affected Versions Koha affected versions not specified Description An authenticated SQL Injection issue exists in the Koha staff interface. The issue is located in the /cgi-bin/koha/suggestion/suggestion.pl endpoint, specifically due to insufficient validation ...
CVE-2026-26377
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...
EUVD-2026-9824
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...
CVE-2026-26377
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...
PT-2026-23454
Name of the Vulnerable Software and Affected Versions Koha versions 25.11 and earlier Description A Cross Site Scripting issue exists in Koha. A remote attacker may be able to execute arbitrary code through the News function. The issue allows for the injection of malicious scripts into web pages...
CVE-2026-26377
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...
CVE-2026-26377
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...
CVE-2026-26377
CVE-2026-26377: Cross Site Scripting in Koha 25.11 and earlier via the News function. A remote attacker could execute arbitrary code in affected Koha versions. Affected software/component: Koha News feature (Koha 25.11 and earlier). Root cause: cross-site scripting vulnerability in the News funct...
CVE-2026-26377
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...
Koha 安全漏洞
Koha is a library automation management system developed by the Koha organization. Versions of Koha prior to 25.11 contained a security vulnerability, which stemmed from a cross-site scripting vulnerability in the News feature. This vulnerability could allow remote attackers to execute arbitrary...