Koha
Monthly
SQL injection in Koha's reports/catalogue_out.pl grants authenticated staff with the Reports module flag full read access to the Koha MariaDB database, including borrower password hashes, 2FA secrets, API keys, session tokens, and patron PII. The vulnerability traces to a 2008 commit and was overlooked when CVE-2015-4633 patched the same injection class in sibling files. A working single-request proof-of-concept using EXTRACTVALUE error-based extraction has been publicly disclosed; no CISA KEV listing has been confirmed at time of analysis, but the low exploitation barrier for credentialed staff makes this a high-priority remediation.
SQL injection in the Koha library management system's staff interface allows authenticated users to manipulate the displayby parameter in suggestion.pl, enabling arbitrary SQL query execution against the backend database. Low-privileged staff members can exploit this vulnerability to extract sensitive data or modify database contents without additional privileges. No patch is currently available to remediate this high-severity vulnerability.
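Both of the injection findings above share one root cause: request data spliced into SQL text instead of being bound as a parameter or checked against an allowlist. The following is an added illustration written for this page, not Koha's code, schema or the disclosed proof-of-concept. It builds a constructed SQLite database with stand-in `borrowers` and `suggestions` tables, shows a value-position injection (the `UNION` pulls password hashes through a filter parameter) and an identifier-position injection (a `displayby`-style column name abused to smuggle a subquery), then the hardened forms: a bound placeholder for values, and an allowlist for identifiers, which cannot be bound. MariaDB's `EXTRACTVALUE` error-based channel named in the first summary is not reproduced because SQLite has no such function; the injection class is the same.

```python
import sqlite3


def build_db():
    """Constructed sample data (not Koha's schema): two staff accounts with
    bcrypt-looking hashes and two purchase suggestions."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE borrowers(borrowernumber INTEGER, surname TEXT, password TEXT);
        CREATE TABLE suggestions(suggestionid INTEGER, title TEXT, status TEXT, branchcode TEXT);
        INSERT INTO borrowers VALUES (1, 'admin', '$2a$08$hashedadminpw'),
                                     (2, 'staff', '$2a$08$hashedstaffpw');
        INSERT INTO suggestions VALUES (10, 'Book A', 'ASKED', 'MAIN'),
                                       (11, 'Book B', 'ACCEPTED', 'EAST');
    """)
    return con


# --- value position: a WHERE filter built from a request parameter ----------

def vulnerable_filter(con, status):
    # Hypothetical vulnerable pattern: the value is interpolated into the SQL text.
    sql = f"SELECT suggestionid, title FROM suggestions WHERE status = '{status}'"
    return con.execute(sql).fetchall()


def hardened_filter(con, status):
    # Bound placeholder: the driver sends the value separately, never as SQL.
    sql = "SELECT suggestionid, title FROM suggestions WHERE status = ?"
    return con.execute(sql, (status,)).fetchall()


# --- identifier position: a column name chosen by the client (displayby-style) --

ALLOWED_DISPLAYBY = {"status", "branchcode"}  # assumed allowlist for this example


def vulnerable_count(con, displayby):
    # Hypothetical vulnerable pattern: a column name from the request goes
    # straight into SELECT and GROUP BY, so an attacker can append expressions.
    sql = f"SELECT {displayby}, COUNT(*) FROM suggestions GROUP BY {displayby}"
    return con.execute(sql).fetchall()


def hardened_count(con, displayby):
    # Identifiers cannot be bound with '?', so the only safe fix is an allowlist
    # of known column names, after which quoting the identifier is belt-and-braces.
    if displayby not in ALLOWED_DISPLAYBY:
        raise ValueError(f"rejected displayby value: {displayby!r}")
    sql = f'SELECT "{displayby}", COUNT(*) FROM suggestions GROUP BY "{displayby}"'
    return con.execute(sql).fetchall()


if __name__ == "__main__":
    con = build_db()
    # Value injection: closes the quote, UNIONs in the hash column, comments out the rest.
    value_payload = "x' UNION SELECT borrowernumber, password FROM borrowers --"
    print("vulnerable filter :", vulnerable_filter(con, value_payload))
    print("hardened filter   :", hardened_filter(con, value_payload))
    # Identifier injection: a scalar subquery rides along with the real column.
    ident_payload = "status, (SELECT password FROM borrowers WHERE borrowernumber=1)"
    print("vulnerable count  :", vulnerable_count(con, ident_payload))
    try:
        hardened_count(con, ident_payload)
    except ValueError as exc:
        print("hardened count    :", exc)
```

The identifier case is the one most often missed when a codebase is swept for this bug class: replacing string interpolation with placeholders fixes every value position, but a column or table name still has to be compared against a fixed set of known names before it is used.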
Koha versions 25.11 and earlier contain a stored cross-site scripting vulnerability in the News function that allows authenticated users to inject malicious scripts affecting other users who view the compromised content. Public exploit code exists for this vulnerability, and attackers can leverage it to steal session data or perform actions on behalf of victims. A patch is not currently available for affected deployments.
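The stored XSS above is a rendering problem: user-supplied news fields reach other staff members' browsers without context-appropriate escaping. The example below is added for this page and is not Koha's template code or the public exploit. It uses a constructed news item carrying two payloads, a script tag in the body and an attribute breakout in the title that contains no angle brackets at all, and renders it three ways: verbatim, through a tag-blocklisting filter (the fix people reach for first, which misses the attribute payload), and with proper escaping via Python's `html.escape`, which also encodes quotes so attribute values cannot be closed early.

```python
import html

# Constructed news item (not real Koha data). The title payload needs no "<"
# at all: it just closes the attribute it lands in and adds an event handler.
NEWS = {
    "title": 'Hours" onmouseover="alert(1)',
    "content": "<script>fetch('/steal?c=' + document.cookie)</script>",
}


def render_unsafe(item):
    # Hypothetical vulnerable rendering: fields dropped into the page verbatim.
    return f'<div class="news" title="{item["title"]}"><p>{item["content"]}</p></div>'


def naive_filter(s):
    # Blocklisting "<script" is a common but insufficient fix: it does nothing
    # for the attribute-context payload, and is trivially bypassed anyway.
    return s.replace("<script", "").replace("</script", "")


def render_filtered(item):
    return render_unsafe({k: naive_filter(v) for k, v in item.items()})


def render_safe(item):
    # html.escape encodes < > & and, with quote=True (the default), " and ',
    # so the same call is safe for both element text and quoted attributes.
    return (
        f'<div class="news" title="{html.escape(item["title"], quote=True)}">'
        f'<p>{html.escape(item["content"], quote=True)}</p></div>'
    )


def contains_active_markup(rendered):
    # Crude check for tests: a raw script tag, or a quote that closes an
    # attribute followed by an on* handler. Not a sanitizer, only a detector.
    low = rendered.lower()
    return "<script" in low or '" on' in low


if __name__ == "__main__":
    for name, fn in (("unsafe", render_unsafe), ("filtered", render_filtered), ("safe", render_safe)):
        out = fn(NEWS)
        print(f"{name:8s} active={contains_active_markup(out)}  {out}")
```

The takeaway for the News finding: escaping has to happen at output time, per context, on every field an authenticated user can set; stripping tags on input leaves the attribute breakout intact.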