Unrated severityNVD Advisory· Published Feb 12, 2024· Updated Sep 29, 2025
CVE-2024-24337
CVE-2024-24337
Description
CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Koha/Koha Library Management Systemdescription
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.