Vulnerabilities > Koha > Koha > 3.06.09
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-08-06 | CVE-2024-28739 | Command Injection vulnerability in Koha | An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. | 7.2 |
2024-08-06 | CVE-2024-28740 | Cross-site Scripting vulnerability in Koha | Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component. | 9.6 |
2024-02-12 | CVE-2024-24337 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Koha | CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to inject DDE commands into CSV exports via the 'Budget' and 'Patrons Member' components. | 8.0 |
2023-09-17 | CVE-2023-5025 | Unspecified vulnerability in Koha | A vulnerability was found in KOHA up to 23.05.03. | 5.4 |
2020-01-24 | CVE-2014-1925 | SQL Injection vulnerability in Koha | SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 9.8 |
2020-01-24 | CVE-2014-1924 | SQL Injection vulnerability in Koha | The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | 9.8 |
2020-01-24 | CVE-2014-1923 | Path Traversal vulnerability in Koha | Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors. | 7.5 |
2020-01-24 | CVE-2014-1922 | Path Traversal vulnerability in Koha | Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |