|
Description
|
|
Two vulnerabilities have been reported in Koha, which can be exploited by malicious people to disclose sensitive information.
1) Input passed to the "KohaOpacLanguage" cookie value in cgi-bin/koha/opac-main.pl is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.
2) Input passed via the "Referer" HTTP header to help.pl is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.
The vulnerabilities are reported in 3.4.x versions prior to 3.4.7 and 3.6.x versions prior to 3.6.1.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
Koha 3.x
|
|
|
|
|
|
Solution
|
|
Update to version 3.4.7 or 3.6.1.
|
|
|
|
|
|
CVE
|
|
|
|
|
|
|
|
References
|
|
Koha:
http://koha-community.org/koha-3-4-7/
http://koha-community.org/koha-3-6-1/
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6628
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
