Directory Traversal Vulnerability in Koha Library Management System
CVE-2011-4715
Currently unrated
Summary
A directory traversal vulnerability exists in the cgi-bin/koha/mainpage.pl script of the Koha Library Management System. A remote attacker can manipulate the KohaOpacLanguage cookie to traverse directories and, by sending crafted requests, gain unauthorized access to arbitrary files on the server. The issue affects Koha versions prior to 3.4.7 and 3.6.1, and LibLime Koha 4.2 and earlier. Users should update their systems and implement security measures to prevent exploitation.
EPSS Score
23% chance of being exploited in the next 30 days.