CVE-2015-4633

Опубликовано: 18 окт. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface.

Ссылки

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412
Exploit
Issue Tracking
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426
Exploit
Issue Tracking
Third Party Advisory
https://koha-community.org/koha-3-14-16-released/
Release Notes
https://koha-community.org/security-release-koha-3-16-12/
Release Notes
https://koha-community.org/security-release-koha-3-18-8/
Release Notes
https://koha-community.org/security-release-koha-3-20-1/
Release Notes
https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2015/Jun/80
Exploit
Mailing List
Third Party Advisory
https://www.exploit-db.com/exploits/37387/
Exploit
Third Party Advisory
VDB Entry
https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/
Exploit
Release Notes
Third Party Advisory
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412
Exploit
Issue Tracking
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426
Exploit
Issue Tracking
Third Party Advisory
https://koha-community.org/koha-3-14-16-released/
Release Notes
https://koha-community.org/security-release-koha-3-16-12/
Release Notes
https://koha-community.org/security-release-koha-3-18-8/
Release Notes
https://koha-community.org/security-release-koha-3-20-1/
Release Notes
https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2015/Jun/80
Exploit
Mailing List
Third Party Advisory
https://www.exploit-db.com/exploits/37387/
Exploit
Third Party Advisory
VDB Entry
https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/
Exploit
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*

Версия от 3.14.00 (включая) до 3.14.16 (исключая)

cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*

Версия от 3.16.00 (включая) до 3.16.12 (исключая)

cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*

Версия от 3.18.00 (включая) до 3.18.08 (исключая)

cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*

Версия от 3.20.00 (включая) до 3.20.01 (исключая)

EPSS

Процентиль: 88%

0.0388

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2015-4633

CVSS3: 9.8

debian

больше 7 лет назад

Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, ...

GHSA-xv5q-r8xx-69mw

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 88%

0.0388

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89