Unrated severity · NVD Advisory · Published Oct 18, 2018 · Updated Aug 6, 2024
CVE-2015-4633
Description
Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface.
References (10)
- www.exploit-db.com/exploits/37387/ [mitre, exploit, x_refsource_EXPLOIT-DB]
- bugs.koha-community.org/bugzilla3/show_bug.cgi [mitre, x_refsource_CONFIRM]
- bugs.koha-community.org/bugzilla3/show_bug.cgi [mitre, x_refsource_CONFIRM]
- koha-community.org/koha-3-14-16-released/ [mitre, x_refsource_CONFIRM]
- koha-community.org/security-release-koha-3-16-12/ [mitre, x_refsource_CONFIRM]
- koha-community.org/security-release-koha-3-18-8/ [mitre, x_refsource_CONFIRM]
- koha-community.org/security-release-koha-3-20-1/ [mitre, x_refsource_CONFIRM]
- packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html [mitre, x_refsource_MISC]
- seclists.org/fulldisclosure/2015/Jun/80 [mitre, mailing-list, x_refsource_FULLDISC]
- www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/ [mitre, x_refsource_MISC]