Multiple directory traversal vulnerabilities in Koha 3.14.x prior to 3.14.16, 3.16.x prior to 3.16.12, 3.18.x prior to 3.18.08, and 3.20.x prior to 3.20.1 allow remote malicious users to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
Vulnerable Product |
---|
koha koha |