QwikSec

Security Database

CVE

CWE

Training

CVE-2011-4715

Published: Dec 8, 2011

Modified: Aug 7, 2024

PUBLISHED

Description

Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

http://koha-community.org/koha-3-6-1/#more-2929

x_refsource_CONFIRM

http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

http://koha-community.org/koha-3-4-7/#more-2971

x_refsource_CONFIRM

vdb-entry

x_refsource_OSVDB

third-party-advisory

x_refsource_SECUNIA

https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm

x_refsource_CONFIRM

liblimekoha-opacmain-file-include(71478)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.