CVE-2015-4633
- EPSS 6.02%
- Published 18.10.2018 21:29:01
- Last modified 21.11.2024 02:31:26
Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl...
CVE-2015-4632
- EPSS 51.83%
- Published 18.10.2018 21:29:01
- Last modified 21.11.2024 02:31:26
Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path...
CVE-2015-4631
- EPSS 3.71%
- Published 18.10.2018 21:29:00
- Last modified 21.11.2024 02:31:26
Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-...
- EPSS 2.97%
- Published 18.10.2018 21:29:00
- Last modified 21.11.2024 02:31:26
Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests th...
CVE-2018-1000670
- EPSS 0.65%
- Published 06.09.2018 19:29:00
- Last modified 21.11.2024 03:40:22
KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter, /cgi-bin/koha/circ/c...
CVE-2018-1000669
- EPSS 0.48%
- Published 06.09.2018 19:29:00
- Last modified 21.11.2024 03:40:22
KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl. Parameters affected: borrowernumber, amount, amountoutstanding, ...
CVE-2015-4639
- EPSS 0.62%
- Published 21.07.2017 14:29:00
- Last modified 13.05.2026 00:24:29
Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name.
CVE-2014-9446
- EPSS 1.22%
- Published 02.01.2015 20:59:04
- Last modified 06.05.2026 22:30:45
Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl...
- EPSS 9.38%
- Published 08.12.2011 19:55:08
- Last modified 16.06.2026 23:35:17
Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin...