VYPR
Unrated severityNVD Advisory· Published Feb 12, 2024· Updated Sep 29, 2025

CVE-2024-24337

CVE-2024-24337

Description

CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Koha/Koha Library Management Systemdescription
  • Koha/Kohallm-fuzzy
    Range: <=23.05.05

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.