Unrated severity · NVD Advisory · Published Oct 18, 2018 · Updated Aug 6, 2024
CVE-2015-4632
Description
Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
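The mechanics behind that description, shown as an added Python example (not Koha's own Perl code, and not the exploit from the references): a percent-decoded template_path joined onto a template directory without confinement, so that ..%2f segments walk out of it; the hardened form that resolves the candidate and rejects anything outside the base; and a detector for the same pattern applied to access-log lines hitting the two affected svc endpoints. The template directory path and the log lines are assumed and constructed for the illustration.

```python
"""Illustration of the CVE-2015-4632 bug class: a template path taken from a
request parameter (template_path) and joined onto the template directory
without confinement, so ..%2f segments escape it.
Added example, not Koha's code; directory layout and log lines are assumed."""
import os
import re
from urllib.parse import parse_qs, unquote

# Endpoints named in the NVD description.
AFFECTED_ENDPOINTS = ("/svc/virtualshelves/search", "/svc/members/search")
# A '..' path segment, with either slash style as separator.
DOTDOT_SEGMENT = re.compile(r"(?:^|[/\\])\.\.(?:[/\\]|$)")
# Request target inside a combined-format access-log line.
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')


def decode_param(value, max_rounds=3):
    """Percent-decode until stable, so ..%2f and ..%252f both become ../."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def vulnerable_resolve(template_base, template_path):
    """Vulnerable shape: decode, join, normalize. '..' walks out of base."""
    return os.path.normpath(os.path.join(template_base, decode_param(template_path)))


def safe_resolve(template_base, template_path):
    """Hardened shape: resolve the candidate and require it to stay inside base.
    Returns None for anything that would leave the template directory."""
    base = os.path.realpath(template_base)
    candidate = os.path.realpath(os.path.join(base, decode_param(template_path)))
    if candidate == base or candidate.startswith(base + os.sep):
        return candidate
    return None


def is_traversal_request(target):
    """True when a request target hits an affected svc endpoint with a
    template_path value that decodes to a '..' path segment."""
    path, _, query = target.partition("?")
    if not path.endswith(AFFECTED_ENDPOINTS):
        return False
    for value in parse_qs(query, keep_blank_values=True).get("template_path", []):
        if DOTDOT_SEGMENT.search(decode_param(value)):
            return True
    return False


def find_traversal_in_log(lines):
    """Return (line_no, target) for access-log lines matching the pattern."""
    hits = []
    for n, line in enumerate(lines, start=1):
        m = REQUEST_RE.search(line)
        if m and is_traversal_request(m.group("target")):
            hits.append((n, m.group("target")))
    return hits


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Jun/2015:10:01:02 +0000] "GET /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt HTTP/1.1" 200 512',
    '203.0.113.7 - - [24/Jun/2015:10:01:05 +0000] "GET /cgi-bin/koha/svc/members/search?template_path=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1320',
    '203.0.113.7 - - [24/Jun/2015:10:01:09 +0000] "GET /cgi-bin/koha/svc/virtualshelves/search?template_path=..%252f..%252fkoha-conf.xml HTTP/1.1" 200 4096',
    '203.0.113.7 - - [24/Jun/2015:10:01:12 +0000] "GET /cgi-bin/koha/opac-search.pl?q=..%2f..%2fetc%2fpasswd HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    base = "/opt/koha/templates"  # assumed template directory
    payload = "..%2f..%2f..%2fetc%2fpasswd"
    print("vulnerable ->", vulnerable_resolve(base, payload))
    print("hardened   ->", safe_resolve(base, payload))
    for n, target in find_traversal_in_log(SAMPLE_LOG):
        print(f"line {n}: {target}")
```

The double-decoding loop matters for detection: a WAF or log rule that decodes once sees `..%2f` in a `..%252f` payload and misses the `..` segment. The hardened resolver relies on realpath rather than string filtering, so symlinks inside the template directory that point outside it are rejected as well.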
Affected products
- Koha (no CPE), affected range: >=3.14.0, <3.14.16 || >=3.16.0, <3.16.12 || >=3.18.0, <3.18.08 || >=3.20.0, <3.20.1
References
- www.exploit-db.com/exploits/37388/ (Exploit-DB)
- bugs.koha-community.org/bugzilla3/show_bug.cgi (vendor bug tracker, confirm)
- koha-community.org/koha-3-14-16-released/ (vendor release notes, confirm)
- koha-community.org/security-release-koha-3-16-12/ (vendor security release, confirm)
- koha-community.org/security-release-koha-3-18-8/ (vendor security release, confirm)
- koha-community.org/security-release-koha-3-20-1/ (vendor security release, confirm)
- packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html (Packet Storm advisory)
- seclists.org/fulldisclosure/2015/Jun/80 (Full Disclosure mailing list)
- www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/ (SBA Research write-up)