CVE-2023-44961

Опубликовано: 11 окт. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component.

Ссылки

https://github.com/ggb0n/CVE-2023-44961
Exploit
Third Party Advisory
https://github.com/ggb0n/CVE-2023-44961
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:koha-community:koha_library_software:*:*:*:*:*:*:*:*

Версия до 23.05.04 (включая)

EPSS

Процентиль: 91%

0.06156

Низкий

7.5 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

CVE-2023-44961

CVSS3: 7.5

debian

больше 2 лет назад

SQL Injection vulnerability in Koha Library Software 23.0.5.04 and bef ...

GHSA-wxx4-6h56-vw65

CVSS3: 7.5

github

больше 2 лет назад

SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component.

EPSS

Процентиль: 91%

0.06156

Низкий

7.5 High

CVSS3

Дефекты

CWE-89