CVE-2015-4632
EUVD-2015-465118.10.2018, 21:29
Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| koha | koha | 3.14.00 ≤ 𝑥 < 3.14.16 |
| koha | koha | 3.16.00 ≤ 𝑥 < 3.16.12 |
| koha | koha | 3.18.00 ≤ 𝑥 < 3.18.08 |
| koha | koha | 3.20.00 ≤ 𝑥 < 3.20.01 |
𝑥
= Vulnerable software versions
References