Lucene search
K

302 matches found

Vulnrichment
Vulnrichment
added 2026/04/07 12:0 a.m.3 views

CVE-2024-36058

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter biblist in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database...

6.1AI score0.00478EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/04/06 9:55 a.m.83 views

Exploit for CVE-2024-36058

Koha Library Software CVE ID: CVE-2024-36058 Produ...

6.1AI score0.00478EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.3 views

CVE-2026-31844

An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...

9CVSS6.1AI score0.00442EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/11 9:31 a.m.3 views

EUVD-2026-11109

An authenticated SQL Injection vulnerability CWE-89 in the displayby parameter of /cgi-bin/koha/suggestion/suggestion.pl in Koha allows a low-privileged staff user to execute arbitrary SQL queries and retrieve sensitive database information...

9CVSS6AI score0.00442EPSS
Exploits0References4
NVD
NVD
added 2026/03/11 7:16 a.m.5 views

CVE-2026-31844

An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...

9CVSS0.00442EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/11 6:34 a.m.27 views

CVE-2026-31844 Authenticated SQL Injection in Koha displayby parameter of suggestion.pl

An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...

9CVSS0.00442EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/11 6:34 a.m.1 views

CVE-2026-31844 Authenticated SQL Injection in Koha displayby parameter of suggestion.pl

An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...

9CVSS6AI score0.00442EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/11 6:34 a.m.2 views

CVE-2026-31844

An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...

9CVSS6AI score0.00442EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/11 6:34 a.m.13 views

CVE-2026-31844

CVE-2026-31844 describes an authenticated SQL Injection (CWE-89) vulnerability in the Koha web application, exploitable by a low-privileged staff user via the displayby parameter of /cgi-bin/koha/suggestion/suggestion.pl. The issue allows arbitrary SQL queries and access to sensitive database inf...

9CVSS6AI score0.00442EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.8 views

Koha 安全漏洞

Koha is a library automation management system developed by the Koha organization. There is a security vulnerability in Koha, which stems from improper validation of the displayby parameter in the /cgi-bin/koha/suggestion/suggestion.pl endpoint. This vulnerability could allow users with low...

9CVSS6AI score0.00442EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.11 views

PT-2026-24589

Name of the Vulnerable Software and Affected Versions Koha affected versions not specified Description An authenticated SQL Injection issue exists in the Koha staff interface. The issue is located in the /cgi-bin/koha/suggestion/suggestion.pl endpoint, specifically due to insufficient validation ...

9CVSS6AI score0.00442EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/03/06 1:34 a.m.4 views

CVE-2026-26377

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...

5.4CVSS6.3AI score0.00372EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/05 6:31 p.m.4 views

EUVD-2026-9824

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...

6.3AI score0.00372EPSS
Exploits1References4
NVD
NVD
added 2026/03/05 4:16 p.m.10 views

CVE-2026-26377

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...

5.4CVSS0.00372EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.2 views

PT-2026-23454

Name of the Vulnerable Software and Affected Versions Koha versions 25.11 and earlier Description A Cross Site Scripting issue exists in Koha. A remote attacker may be able to execute arbitrary code through the News function. The issue allows for the injection of malicious scripts into web pages...

5.4CVSS6.1AI score0.00372EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/05 12:0 a.m.2 views

CVE-2026-26377

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...

6.1AI score0.00372EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/05 12:0 a.m.29 views

CVE-2026-26377

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...

0.00372EPSS
Exploits1References3
CVE
CVE
added 2026/03/05 12:0 a.m.14 views

CVE-2026-26377

CVE-2026-26377: Cross Site Scripting in Koha 25.11 and earlier via the News function. A remote attacker could execute arbitrary code in affected Koha versions. Affected software/component: Koha News feature (Koha 25.11 and earlier). Root cause: cross-site scripting vulnerability in the News funct...

5.4CVSS6.3AI score0.00372EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/05 12:0 a.m.5 views

CVE-2026-26377

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...

6.3AI score0.00372EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.12 views

Koha 安全漏洞

Koha is a library automation management system developed by the Koha organization. Versions of Koha prior to 25.11 contained a security vulnerability, which stemmed from a cross-site scripting vulnerability in the News feature. This vulnerability could allow remote attackers to execute arbitrary...

5.4CVSS5.9AI score0.00372EPSS
Exploits1References3
Rows per page
Query Builder