Vulnerabilities > Koha > Koha > 3.08.14

DATE CVE VULNERABILITY TITLE RISK
2023-09-17 CVE-2023-5025 Cross-site Scripting vulnerability in Koha
A vulnerability was found in KOHA up to 23.05.03.
network | low complexity | koha CWE-79 | 5.4

2020-01-24 CVE-2014-1925 SQL Injection vulnerability in Koha
SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | koha CWE-89 | 7.5

2020-01-24 CVE-2014-1924 SQL Injection vulnerability in Koha
The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
network | low complexity | koha CWE-89 | 7.5

2020-01-24 CVE-2014-1923 Path Traversal vulnerability in Koha
Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors.
network | low complexity | koha CWE-22 | 5.0

2020-01-24 CVE-2014-1922 Path Traversal vulnerability in Koha
Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors.
network | low complexity | koha CWE-22 | 5.0

2015-01-02 CVE-2014-9446 Cross-site Scripting vulnerability in Koha
Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl.
network | koha CWE-79 | 4.3