VYPR
Unrated severityNVD Advisory· Published Dec 8, 2011· Updated Jun 16, 2026

CVE-2011-4715

CVE-2011-4715

Description

Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • Koha/Koha9 versions
    cpe:2.3:a:koha:koha:3.04.00:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:koha:koha:3.04.00:*:*:*:*:*:*:*
    • cpe:2.3:a:koha:koha:3.04.01:*:*:*:*:*:*:*
    • cpe:2.3:a:koha:koha:3.04.02:*:*:*:*:*:*:*
    • cpe:2.3:a:koha:koha:3.04.03:*:*:*:*:*:*:*
    • cpe:2.3:a:koha:koha:3.04.04:*:*:*:*:*:*:*
    • cpe:2.3:a:koha:koha:3.04.05:*:*:*:*:*:*:*
    • cpe:2.3:a:koha:koha:3.04.06:*:*:*:*:*:*:*
    • cpe:2.3:a:koha:koha:3.06.00.000:*:*:*:*:*:*:*
    • (no CPE)range: 3.4 < 3.4.7, 3.6 < 3.6.1
  • cpe:2.3:a:koha:liblime_koha:*:*:*:*:*:*:*:*
    Range: <=4.2
  • LibLime/Kohallm-create
    Range: <= 4.2

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.