5 matches found
CVE-2026-31844
An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...
PT-2026-24589
Name of the Vulnerable Software and Affected Versions: Koha (affected versions not specified). Description: An authenticated SQL Injection issue exists in the Koha staff interface. The issue is located in the /cgi-bin/koha/suggestion/suggestion.pl endpoint, specifically due to insufficient validation ...
EUVD-2015-4652
Malware in sbrugna...
CVE-2015-4633
Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated...
CVE-2015-4633
CVE-2015-4633 affects Koha ILS across multiple releases (notably 3.14.x up to 3.14.16, 3.16.x up to 3.16.12, 3.18.x up to 3.18.08, and 3.20.x up to 3.20.1). Vulnerability details show two SQL injection vectors: (1) unauthenticated injection via the number parameter to opac-tags_subject.pl in the ...