6 matches found
CVE-2024-24337
CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components...
Input validation
CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components...
CVE-2024-24337
CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components...
CVE-2024-24337
CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components...
CVE-2024-24337
CVE-2024-24337 affects Koha Library Management System
PT-2024-3869 · Unknown · Library Management System
Name of the Vulnerable Software and Affected Versions: Koha Library Management System versions 23.05.05 and earlier Description: The issue is related to a lack of neutralization of elements in a CSV file, affecting the components members/moremember.pl and admin/aqbudgets.pl. This allows a remote...