ID
VAR-190001-0112
TITLE
Koha 'help.pl' Local file contains vulnerabilities
Trust: 0.8
DESCRIPTION
Koha, the first open source library automation system, was born in 1999. Koha was originally designed to target the smallest hardware resources. Koha's 'help.pl' file is prone to injection vulnerabilities. An attacker could exploit this vulnerability to view local files and execute scripts under the web server process. There may be further danger of attack. A remote attacker successfully exploited this vulnerability to execute arbitrary code, which could cause a denial of service if the exploit failed. Koha is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. This may aid in further attacks. Koha 3.4.x prior to 3.4.7 and 3.6.x prior to 3.6.1 are vulnerable
Trust: 0.99
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.8 |
AFFECTED PRODUCTS
| vendor: | koha | model: | library software community koha | scope: | eq | version: | 3.6 | Trust: 0.9 |
| vendor: | koha | model: | library software community koha | scope: | eq | version: | 3.4.6 | Trust: 0.9 |
| vendor: | koha | model: | library software community koha | scope: | eq | version: | 3.4.1 | Trust: 0.9 |
| vendor: | koha | model: | library software community koha | scope: | eq | version: | 3.4.2 | Trust: 0.9 |
| vendor: | koha | model: | library software community | scope: | eq | version: | * | Trust: 0.8 |
| vendor: | koha | model: | library software community koha | scope: | ne | version: | 3.6.1 | Trust: 0.3 |
| vendor: | koha | model: | library software community koha | scope: | ne | version: | 3.4.7 | Trust: 0.3 |
| vendor: | koha | model: | library software community koha | scope: | ne | version: | 3.2.11 | Trust: 0.3 |
| vendor: | koha | model: | - | scope: | eq | version: | 3.6* | Trust: 0.2 |
| vendor: | koha | model: | - | scope: | eq | version: | 3.4.6* | Trust: 0.2 |
| vendor: | koha | model: | - | scope: | eq | version: | 3.4.1* | Trust: 0.2 |
| vendor: | koha | model: | - | scope: | eq | version: | 3.4.2 | Trust: 0.2 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
THREAT TYPE
remote
Trust: 0.6
TYPE
Input Validation Error
Trust: 0.3
PATCH
| title: | Koha 'help.pl' patch for local file injection vulnerability | url: | https://www.cnvd.org.cn/patchinfo/show/6432 | Trust: 0.6 |
EXTERNAL IDS
| db: | BID | id: | 51004 | Trust: 1.5 |
| db: | CNVD | id: | CNVD-2011-5413 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201112-158 | Trust: 0.6 |
| db: | IVD | id: | 7B03B6EE-1F7A-11E6-ABEF-000C29C66E3D | Trust: 0.2 |
REFERENCES
| url: | http://www.securityfocus.com/bid/51004/info | Trust: 0.6 |
| url: | http://www.securityfocus.com/bid/51004 | Trust: 0.6 |
| url: | http://koha-community.org/ | Trust: 0.3 |
| url: | http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6628 | Trust: 0.3 |
CREDITS
Fr?re S?bastien Marie
Trust: 0.6
SOURCES
| db: | IVD | id: | 7b03b6ee-1f7a-11e6-abef-000c29c66e3d |
| db: | CNVD | id: | CNVD-2011-5413 |
| db: | BID | id: | 51004 |
| db: | CNNVD | id: | CNNVD-201112-158 |
LAST UPDATE DATE
2022-05-17T02:12:14.065000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2011-5413 | date: | 2011-12-23T00:00:00 |
| db: | BID | id: | 51004 | date: | 2011-12-20T22:49:00 |
| db: | CNNVD | id: | CNNVD-201112-158 | date: | 2011-12-13T00:00:00 |
SOURCES RELEASE DATE
| db: | IVD | id: | 7b03b6ee-1f7a-11e6-abef-000c29c66e3d | date: | 2011-12-23T00:00:00 |
| db: | CNVD | id: | CNVD-2011-5413 | date: | 2011-12-23T00:00:00 |
| db: | BID | id: | 51004 | date: | 2011-12-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201112-158 | date: | 1900-01-01T00:00:00 |