VYPR
Unrated severityNVD Advisory· Published Oct 18, 2018· Updated Aug 6, 2024

CVE-2015-4632

CVE-2015-4632

Description

Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Koha/Kohainferred2 versions
    >=3.14.0,<3.14.16 || >=3.16.0,<3.16.12 || >=3.18.0,<3.18.08 || >=3.20.0,<3.20.1+ 1 more
    • (no CPE)range: >=3.14.0,<3.14.16 || >=3.16.0,<3.16.12 || >=3.18.0,<3.18.08 || >=3.20.0,<3.20.1
    • (no CPE)range: >=3.14.0, <3.14.16 || >=3.16.0, <3.16.12 || >=3.18.0, <3.18.08 || >=3.20.0, <3.20.1

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.