9 matches found
CVE-2026-31844
An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...
EUVD-2026-11109
An authenticated SQL Injection vulnerability CWE-89 in the displayby parameter of /cgi-bin/koha/suggestion/suggestion.pl in Koha allows a low-privileged staff user to execute arbitrary SQL queries and retrieve sensitive database information...
CVE-2026-31844
An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...
CVE-2026-31844
An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...
CVE-2026-31844 Authenticated SQL Injection in Koha displayby parameter of suggestion.pl
An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...
CVE-2026-31844
CVE-2026-31844 describes an authenticated SQL Injection (CWE-89) vulnerability in the Koha web application, exploitable by a low-privileged staff user via the displayby parameter of /cgi-bin/koha/suggestion/suggestion.pl. The issue allows arbitrary SQL queries and access to sensitive database inf...
CVE-2026-31844 Authenticated SQL Injection in Koha displayby parameter of suggestion.pl
An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...
PT-2026-24589
Name of the Vulnerable Software and Affected Versions Koha affected versions not specified Description An authenticated SQL Injection issue exists in the Koha staff interface. The issue is located in the /cgi-bin/koha/suggestion/suggestion.pl endpoint, specifically due to insufficient validation ...
Koha 安全漏洞
Koha is a library automation management system developed by the Koha organization. There is a security vulnerability in Koha, which stems from improper validation of the displayby parameter in the /cgi-bin/koha/suggestion/suggestion.pl endpoint. This vulnerability could allow users with low...