Описание
Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm.
Ссылки
- Vendor Advisory
- Exploit
- Exploit
- Exploit
- Vendor Advisory
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 4.2 (включая)
cpe:2.3:a:koha:liblime_koha:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:koha:koha:3.06.00.000:*:*:*:*:*:*:*
Конфигурация 3
Одно из
cpe:2.3:a:koha:koha:3.04.00:*:*:*:*:*:*:*
cpe:2.3:a:koha:koha:3.04.01:*:*:*:*:*:*:*
cpe:2.3:a:koha:koha:3.04.02:*:*:*:*:*:*:*
cpe:2.3:a:koha:koha:3.04.03:*:*:*:*:*:*:*
cpe:2.3:a:koha:koha:3.04.04:*:*:*:*:*:*:*
cpe:2.3:a:koha:koha:3.04.05:*:*:*:*:*:*:*
cpe:2.3:a:koha:koha:3.04.06:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.08052
Низкий
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
debian
около 14 лет назад
Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha ...
github
больше 3 лет назад
Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm.
EPSS
Процентиль: 92%
0.08052
Низкий
5 Medium
CVSS2
Дефекты
CWE-22