Koha Security Vulnerabilities and Issues — Koha CVE List

Lucene search

KohaKoha

4 matches found

CVE•added 2018/10/18 9:29 p.m.•61 views

CVE-2015-4632

Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2...

7.5CVSS7.6AI score0.81246EPSS

Web

CVE•added 2025/03/16 3:15 a.m.•55 views

CVE-2025-30076

Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter.

7.7CVSS7.8AI score0.00026EPSS

Web

CVE•added 2020/01/24 5:15 p.m.•45 views

CVE-2014-1922

Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors.

7.5CVSS7.8AI score0.0092EPSS

CVE•added 2020/01/24 5:15 p.m.•38 views

CVE-2014-1923

Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors.

7.5CVSS8.1AI score0.02419EPSS