Koha Library Software Security Vulnerabilities and Issues — Koha Library Software CVE List

Lucene search

Koha-communityKoha Library Software

4 matches found

CVE•added 2024/02/12 10:15 p.m.•70 views

CVE-2024-24337

CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components.

8.8CVSS7.2AI score0.01696EPSS

CVE•added 2023/10/11 7:15 p.m.•56 views

CVE-2023-44961

SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component.

7.5CVSS7.7AI score0.06156EPSS

CVE•added 2024/03/19 9:15 p.m.•39 views

CVE-2024-24336

A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl', and ‘/members/members-home.pl’ endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and pa...

8.1CVSS6AI score0.00133EPSS

CVE•added 2023/10/11 7:15 p.m.•37 views

CVE-2023-44962

File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component.

5.3CVSS5.3AI score0.03189EPSS