Vulmon
koha koha vulnerabilities and exploits
8
CVSSv3
CVE-2015-4630
Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x prior to 3.14.16, 3.16.x prior to 3.16.12, 3.18.x prior to 3.18.08, and 3.20.x prior to 3.20.1 allow remote malicious users to (1) hijack the authentication of administrators for requests that create a user...
Koha Koha
1 EDB exploit
5.4
CVSSv3
CVE-2015-4631
Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x prior to 3.14.16, 3.16.x prior to 3.16.12, 3.18.x prior to 3.18.08, and 3.20.x prior to 3.20.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (...
Koha Koha
1 EDB exploit
7.5
CVSSv3
CVE-2015-4632
Multiple directory traversal vulnerabilities in Koha 3.14.x prior to 3.14.16, 3.16.x prior to 3.16.12, 3.18.x prior to 3.18.08, and 3.20.x prior to 3.20.1 allow remote malicious users to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1...
Koha Koha
1 EDB exploit
9.8
CVSSv3
CVE-2015-4633
Multiple SQL injection vulnerabilities in Koha 3.14.x prior to 3.14.16, 3.16.x prior to 3.16.12, 3.18.x prior to 3.18.08, and 3.20.x prior to 3.20.1 allow (1) remote malicious users to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC int...
Koha Koha
1 EDB exploit
7.5
CVSSv3
CVE-2023-44961
SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote malicious user to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl component.
Koha-community Koha Library Software
1 Github repository
5.3
CVSSv3
CVE-2023-44962
File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote malicious user to read arbitrary files via the upload-cover-image.pl component.
Koha-community Koha Library Software
1 Github repository
7.2
CVSSv3
CVE-2015-10091
A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated...
Bywatersolutions Bywater-koha-xslt
9.4
CVSSv3
CVE-2022-0495
The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.
Parantezteknoloji Koha Library Automation
NA
CVE-2018-25101
A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the argument biblionumber with the input 2"><TEST&...
NA
CVE-2024-24337
CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and previous versions allows malicious users to inject DDE commands into CSV exports via the 'Budget' an...