VYPR
Unrated severityNVD Advisory· Published Oct 18, 2018· Updated Aug 6, 2024

CVE-2015-4633

CVE-2015-4633

Description

Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Koha/Kohainferred2 versions
    >=3.14,<3.14.16 || >=3.16,<3.16.12 || >=3.18,<3.18.08 || >=3.20,<3.20.1+ 1 more
    • (no CPE)range: >=3.14,<3.14.16 || >=3.16,<3.16.12 || >=3.18,<3.18.08 || >=3.20,<3.20.1
    • (no CPE)range: >=3.14 <3.14.16 || >=3.16 <3.16.12 || >=3.18 <3.18.08 || >=3.20 <3.20.1

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.