EUVD-2015-4652

Malware in sbrugna...

sokrates Sokrates SOWA SowaSQL Cross-Site Scripting Vulnerability

sokrates Sokrates SOWA SowaSQL is an administrative database applied to the library environment by the Polish company sokrates. A cross-site scripting vulnerability exists in Sokrates SOWA SowaSQL version 5.6.1 and earlier versions, which originates from the sowacgi.php typ parameter, OPAC is...

CVE-2015-4633

Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow 1 remote attackers to execute arbitrary SQL commands via the number parameter to opac-tagssubject.pl in the OPAC interface or 2 remote authenticated...

CVE-2015-4633

CVE-2015-4633 affects Koha ILS across multiple releases (notably 3.14.x up to 3.14.16, 3.16.x up to 3.16.12, 3.18.x up to 3.18.08, and 3.20.x up to 3.20.1). Vulnerability details show two SQL injection vectors: (1) unauthenticated injection via the number parameter to opac-tags_subject.pl in the ...

Koha ILS 3.20.x CSRF / XSS / Traversal / SQL Injection

=============================================================================================== SBA Research Vulnerability Disclosure =============================================================================================== title: Koha Unauthenticated SQL injection product: Koha ILS affecte...