Filtered by vendor Koha
Subscriptions
Filtered by product Koha
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1924 | 1 Koha | 1 Koha | 2024-11-21 | 9.8 Critical |
| The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | ||||
| CVE-2014-1923 | 1 Koha | 1 Koha | 2024-11-21 | 7.5 High |
| Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors. | ||||
| CVE-2014-1922 | 1 Koha | 1 Koha | 2024-11-21 | 7.5 High |
| Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2024-28740 | 1 Koha | 1 Koha | 2024-08-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component. | ||||
| CVE-2024-28739 | 1 Koha | 1 Koha | 2024-08-12 | 9.6 Critical |
| An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. | ||||