Vulnerability Database

290,301

Total vulnerabilities in the database

CVE-2011-4715

Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm.

  • Published: Dec 8, 2011
  • Updated: Apr 13, 2023
  • CVE: CVE-2011-4715
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
koha / liblime_koha - 4.2.x
koha / koha 3.06.00.000 3.06.00.000.x
koha / koha 3.04.06 3.04.06.x
koha / koha 3.04.01 3.04.01.x
koha / koha 3.04.03 3.04.03.x
koha / koha 3.04.05 3.04.05.x
koha / koha 3.04.04 3.04.04.x
koha / koha 3.04.00 3.04.00.x
koha / koha 3.04.02 3.04.02.x