Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-4715

Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm.

See the

CVE page on Mitre.org for more details.

References

EXPLOIT-DB: 18153
CONFIRM: http://koha-community....
CONFIRM: http://koha-community....
CONFIRM: https://github.com/lib...
BID: 50812
OSVDB: 77322
SECUNIA: 46980
MISC: http://www.vigasis.com...
XF: liblimekoha-opacmain-f...

Launchpad.net

CVE 2011-4715

Related bugs

References