ID

VAR-190001-0112


TITLE

Koha 'help.pl' Local File Inclusion Vulnerability

Trust: 0.8

sources: IVD: 7b03b6ee-1f7a-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5413

DESCRIPTION

Koha, the first open source library automation system, was created in 1999. It was originally designed to run on minimal hardware resources. Koha's 'help.pl' script is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker could exploit this vulnerability to view local files and execute local scripts in the context of the web server process. A remote attacker who successfully exploits this vulnerability could execute arbitrary code; a failed exploit attempt could cause a denial of service. This may aid in further attacks. Koha 3.4.x prior to 3.4.7 and 3.6.x prior to 3.6.1 are vulnerable.

Trust: 0.99

sources: CNVD: CNVD-2011-5413 // BID: 51004 // IVD: 7b03b6ee-1f7a-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 7b03b6ee-1f7a-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5413

AFFECTED PRODUCTS

vendor: koha, model: library software community koha, scope: eq, version: 3.6

Trust: 0.9

vendor: koha, model: library software community koha, scope: eq, version: 3.4.6

Trust: 0.9

vendor: koha, model: library software community koha, scope: eq, version: 3.4.1

Trust: 0.9

vendor: koha, model: library software community koha, scope: eq, version: 3.4.2

Trust: 0.9

vendor: koha, model: library software community, scope: eq, version: *

Trust: 0.8

vendor: koha, model: library software community koha, scope: ne, version: 3.6.1

Trust: 0.3

vendor: koha, model: library software community koha, scope: ne, version: 3.4.7

Trust: 0.3

vendor: koha, model: library software community koha, scope: ne, version: 3.2.11

Trust: 0.3

vendor: koha, model: -, scope: eq, version: 3.6*

Trust: 0.2

vendor: koha, model: -, scope: eq, version: 3.4.6*

Trust: 0.2

vendor: koha, model: -, scope: eq, version: 3.4.1*

Trust: 0.2

vendor: koha, model: -, scope: eq, version: 3.4.2

Trust: 0.2

sources: IVD: 7b03b6ee-1f7a-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5413 // BID: 51004

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: 7b03b6ee-1f7a-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: 7b03b6ee-1f7a-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: IVD: 7b03b6ee-1f7a-11e6-abef-000c29c66e3d

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-158

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 51004

PATCH

title: Koha 'help.pl' patch for local file injection vulnerability, url: https://www.cnvd.org.cn/patchinfo/show/6432

Trust: 0.6

sources: CNVD: CNVD-2011-5413

EXTERNAL IDS

db: BID, id: 51004

Trust: 1.5

db: CNVD, id: CNVD-2011-5413

Trust: 0.8

db: CNNVD, id: CNNVD-201112-158

Trust: 0.6

db: IVD, id: 7B03B6EE-1F7A-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 7b03b6ee-1f7a-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5413 // BID: 51004 // CNNVD: CNNVD-201112-158

REFERENCES

url:http://www.securityfocus.com/bid/51004/info

Trust: 0.6

url:http://www.securityfocus.com/bid/51004

Trust: 0.6

url:http://koha-community.org/

Trust: 0.3

url:http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6628

Trust: 0.3

sources: CNVD: CNVD-2011-5413 // BID: 51004 // CNNVD: CNNVD-201112-158

CREDITS

Frère Sébastien Marie

Trust: 0.6

sources: CNNVD: CNNVD-201112-158

SOURCES

db: IVD, id: 7b03b6ee-1f7a-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2011-5413
db: BID, id: 51004
db: CNNVD, id: CNNVD-201112-158

LAST UPDATE DATE

2022-05-17T02:12:14.065000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-5413, date: 2011-12-23T00:00:00
db: BID, id: 51004, date: 2011-12-20T22:49:00
db: CNNVD, id: CNNVD-201112-158, date: 2011-12-13T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 7b03b6ee-1f7a-11e6-abef-000c29c66e3d, date: 2011-12-23T00:00:00
db: CNVD, id: CNVD-2011-5413, date: 2011-12-23T00:00:00
db: BID, id: 51004, date: 2011-12-09T00:00:00
db: CNNVD, id: CNNVD-201112-158, date: 1900-01-01T00:00:00