Koha "KohaOpacLanguage" Local File Inclusion Vulnerability


Description   Akin Tosunlar has discovered a vulnerability in Koha, which can be exploited by malicious people to disclose sensitive information.
Input passed to the "KohaOpacLanguage" cookie value in cgi-bin/koha/mainpage.pl is not properly verified in cgi-bin/opac/opac-main.pl before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.
The vulnerability is confirmed in version 4.02.06. Other versions may also be affected.
     
Vulnerable Products   Vulnerable Software:
Koha 4.x
     
Solution   Fixed in the GIT repository: https://github.com/liblime/LibLime-Koha/commit/f89b31c69de853be3010d28956dae621b8285354
     
CVE   CVE-2011-4715
     
References   Vigasis Labs:
http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm                                            Available Since
Misc : Directory traversal - parameter starting with ../    3.2.0
Directory traversal using ..\..                             3.2.0
Directory traversal                                         3.2.0
Directory traversal backward root folder                    3.2.0
Escaped NULL char in URL                                    3.2.0
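
Added example (not part of the original advisory or of the Koha code base): a Python check that inspects the "KohaOpacLanguage" cookie for the two patterns the alarms above target, directory traversal and URL-encoded NULL bytes, after repeated URL-decoding. The language-tag pattern used for legitimate values and the sample Cookie headers are constructed assumptions.

```python
import re
from urllib.parse import unquote

COOKIE_NAME = "KohaOpacLanguage"
# Assumption: legitimate values are language tags such as "en" or "fr-FR".
LANG_TAG = re.compile(r"[A-Za-z]{2,3}(?:-[A-Za-z0-9]{2,8})*")
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")  # ".." as a path segment

def cookie_value(header, name=COOKIE_NAME):
    """Return the raw value of `name` from a Cookie header, or None."""
    for part in header.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and key == name:
            return value
    return None

def fully_decode(value, max_rounds=5):
    """URL-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_language_cookie(header):
    """Return sorted findings for the language cookie; [] means clean."""
    raw = cookie_value(header)
    if raw is None:
        return []
    value = fully_decode(raw)
    findings = set()
    if "\x00" in value:
        findings.add("null-byte")
    if TRAVERSAL.search(value):
        findings.add("directory-traversal")
    if not LANG_TAG.fullmatch(value):
        findings.add("not-a-language-tag")
    return sorted(findings)

# Constructed Cookie headers, for illustration only.
SAMPLES = [
    "sid=constructed; KohaOpacLanguage=en",
    "KohaOpacLanguage=..%2f..%2ftmp%2fexample%00; sid=constructed",
    "KohaOpacLanguage=%252e%252e%255cexample",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", inspect_language_cookie(sample) or "clean")
```

The allowlist check is the stronger control: a value that is not a plain language tag is rejected even when it matches neither of the other two patterns.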
     


 
 
 
 
Risk level   Moderate
Vulnerability First Public Report Date   2011-11-25
Target Type   Server
Possible exploit   Remote