PT-2024-26871 · WordPress · Profilegrid

Name of the Vulnerable Software and Affected Versions: The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress versions up to, and including, 5.8.3 Description: The issue is related to a missing capability check on the pm upload cover image function, allowing...

The vulnerability of the upload-cover-image.pl component in the Koha library process automation software allows a hacker to read arbitrary files.

The vulnerability of the upload-cover-image.pl component in Koha library automation software is related to the lack of filtering for the path passed by the client. Exploiting this vulnerability allows a malicious actor to read arbitrary files remotely...

CVE-2023-44962

File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component...

CVE-2023-44962

File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component...

PT-2023-5947 · Unknown · Koha Library

Name of the Vulnerable Software and Affected Versions: Koha Library Software versions 23.05.04 and before Description: The issue is related to a lack of filtering of the client-supplied path in the upload-cover-image.pl component. This can allow a remote attacker to read arbitrary files. The...