Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 prior to 3.4.7 and 3.6 prior to 3.6.1, and LibLime Koha 4.2 and previous versions allows remote malicious users to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm.
Vulnerable Product |
---|
koha liblime koha |
koha koha 3.06.00.000 |
koha koha 3.04.04 |
koha koha 3.04.03 |
koha koha 3.04.02 |
koha koha 3.04.01 |
koha koha 3.04.00 |
koha koha 3.04.06 |
koha koha 3.04.05 |